Lucene search

K
f5F5F5:K17475
HistoryOct 26, 2015 - 12:00 a.m.

K17475 : Linux kernel vulnerability CVE-2015-5707

2015-10-2600:00:00
my.f5.com
11

7.1 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.1%

Security Advisory Description

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. (CVE-2015-5707)

Impact

  • BIG-IP, BIG-IQ, and Enterprise Manager system

A locally authenticated user with advanced shell access and the ability to locate a vulnerable utility on the system may expose the issue or upload custom code to trigger a denial-of-service (DOS).

  • Traffix system

A locally authenticated user on a system using the SCSI Linux driver may potentially cause memory overflow in the kernel with a specially crafted application.

7.1 High

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

8.1%

Related for F5:K17475