7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
The networking implementation in the Linux kernel through 4.3.3, as used in
Android and other products, does not validate protocol identifiers for
certain protocol families, which allows local users to cause a denial of
service (NULL function pointer dereference and system crash) or possibly
gain privileges by leveraging CLONE_NEWUSER support to execute a crafted
SOCK_RAW application.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-98.138 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-79.123 | UNKNOWN |
ubuntu | 15.04 | noarch | linux | < 3.19.0-51.57 | UNKNOWN |
ubuntu | 15.10 | noarch | linux | < 4.2.0-27.32 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1661.85 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-79.123~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-60.80~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-51.57~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-wily | < 4.2.0-27.32~14.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | linux-raspi2 | < 4.2.0-1022.29 | UNKNOWN |
www.openwall.com/lists/oss-security/2015/12/09/3
www.openwall.com/lists/oss-security/2015/12/11/6
launchpad.net/bugs/cve/CVE-2015-8543
nvd.nist.gov/vuln/detail/CVE-2015-8543
security-tracker.debian.org/tracker/CVE-2015-8543
ubuntu.com/security/notices/USN-2886-1
ubuntu.com/security/notices/USN-2886-2
ubuntu.com/security/notices/USN-2888-1
ubuntu.com/security/notices/USN-2890-1
ubuntu.com/security/notices/USN-2890-2
ubuntu.com/security/notices/USN-2890-3
ubuntu.com/security/notices/USN-2907-1
ubuntu.com/security/notices/USN-2907-2
ubuntu.com/security/notices/USN-2910-1
www.cve.org/CVERecord?id=CVE-2015-8543
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%