Lucene search

K
cveMitreCVE-2015-8845
HistoryApr 27, 2016 - 5:59 p.m.

CVE-2015-8845

2016-04-2717:59:05
CWE-284
mitre
web.nvd.nist.gov
95
cve-2015-8845
linux kernel
powerpc
denial of service
nvd
tm bad thing exception
panic

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6

Confidence

High

EPSS

0.001

Percentile

16.0%

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

Affected configurations

Nvd
Node
linuxlinux_kernelRange4.4
Node
susesuse_linux_enterprise_live_patchingMatch12.0
OR
susesuse_linux_enterprise_module_for_public_cloudMatch12.0
OR
susesuse_linux_enterprise_real_time_extensionMatch12sp1
OR
susesuse_linux_enterprise_software_development_kitMatch12.0
OR
susesuse_linux_enterprise_workstation_extensionMatch12.0
OR
novellsuse_linux_enterprise_desktopMatch12.0
OR
novellsuse_linux_enterprise_serverMatch12.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
susesuse_linux_enterprise_live_patching12.0cpe:2.3:a:suse:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*
susesuse_linux_enterprise_module_for_public_cloud12.0cpe:2.3:a:suse:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*
susesuse_linux_enterprise_real_time_extension12cpe:2.3:a:suse:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
susesuse_linux_enterprise_software_development_kit12.0cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*
susesuse_linux_enterprise_workstation_extension12.0cpe:2.3:a:suse:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*
novellsuse_linux_enterprise_desktop12.0cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*
novellsuse_linux_enterprise_server12.0cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

6

Confidence

High

EPSS

0.001

Percentile

16.0%