Lucene search

K
f5F5F5:K17475
HistoryOct 26, 2015 - 12:00 a.m.

K17475 : Linux kernel vulnerability CVE-2015-5707

2015-10-2600:00:00
my.f5.com
19

AI Score

7.1

Confidence

High

EPSS

0

Percentile

10.1%

Security Advisory Description

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (CVE-2015-5707)

Impact

  • BIG-IP, BIG-IQ, and Enterprise Manager system

A locally authenticated user with advanced shell access and the ability to locate a vulnerable utility on the system may expose the issue or upload custom code to trigger a denial-of-service (DOS).

  • Traffix system

A locally authenticated user on a system using the SCSI Linux driver may potentially cause memory overflow in the kernel with a specially crafted application.