CVE-2015-7312

2015-11-1611:59:00

CWE-362

CWE-416

[email protected]

web.nvd.nist.gov

cve-2015-7312

advanced union filesystem

aufs

linux kernel

race conditions

denial of service

privilege escalation

madvise

msync

nvd

5.8 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.3%

JSON

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle4.20.15
linux:linux_kernellinux linux kernelle3.19.8
debian:debian_linuxdebian debian linuxeq8.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	4.20.15
linux:linux_kernel	linux linux kernel	le	3.19.8
debian:debian_linux	debian debian linux	eq	8.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04