Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-5156
HistoryAug 06, 2015 - 12:00 a.m.

CVE-2015-5156

2015-08-0600:00:00
ubuntu.com
ubuntu.com
20

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

62.0%

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel
before 4.2 attempts to support a FRAGLIST feature without proper memory
allocation, which allows guest OS users to cause a denial of service
(buffer overflow and memory corruption) via a crafted sequence of
fragmented packets.

Bugs

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlinux< 3.2.0-92.130UNKNOWN
ubuntu14.04noarchlinux< 3.13.0-66.108UNKNOWN
ubuntu15.04noarchlinux< 3.19.0-31.36UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1657.79UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-66.108~precise1UNKNOWN
ubuntu14.04noarchlinux-lts-utopic< 3.16.0-51.69~14.04.1UNKNOWN
ubuntu14.04noarchlinux-lts-vivid< 3.19.0-31.36~14.04.1UNKNOWN
ubuntu12.04noarchlinux-ti-omap4< 3.2.0-1472.93UNKNOWN

CVSS2

6.1

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.002

Percentile

62.0%