CVE-2015-4036

2015-08-3120:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-4036

linux kernel

tcm_vhost_make_tpg

drivers

vhost

scsi

memory corruption

denial of service

vulnerability

6.7 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

36.8%

JSON

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq3.6
linux:linux_kernellinux linux kernellt3.16.35
linux:linux_kernellinux linux kernellt3.12.44
linux:linux_kernellinux linux kernellt4.0
linux:linux_kernellinux linux kernellt3.14.57
linux:linux_kernellinux linux kernellt3.18.25
linux:linux_kernellinux linux kernellt3.10.90

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	3.6
linux:linux_kernel	linux linux kernel	lt	3.16.35
linux:linux_kernel	linux linux kernel	lt	3.12.44
linux:linux_kernel	linux linux kernel	lt	4.0
linux:linux_kernel	linux linux kernel	lt	3.14.57
linux:linux_kernel	linux linux kernel	lt	3.18.25
linux:linux_kernel	linux linux kernel	lt	3.10.90