Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2015-8966
HistoryDec 08, 2016 - 12:00 a.m.

CVE-2015-8966

2016-12-0800:00:00
ubuntu.com
ubuntu.com
14

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows
local users to gain privileges via a crafted (1) F_OFD_GETLK, (2)
F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call.

Notes

Author Note
ratliff the fix commit is dated Dec. 2015
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
sbeattie this was probably introduced with the Open File Descriptor Locks patches in the 3.15 kernel, likely 5d50ffd7.
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlinux< 3.13.0-125.174UNKNOWN
ubuntu14.04noarchlinux-lts-vivid< 3.19.0-51.57~14.04.1UNKNOWN

Related

prion 1
cve 1
android 1
debiancve 1
ubuntu 2
openvas 3
nessus 2
androidsecurity 1
prion
prion
Command injection
2016-12-08 21:59:00
cve
cve
CVE-2015-8966
2016-12-08 21:59:00
android
android
CVE-2015-8966
2016-12-01 00:00:00
debiancve
debiancve
CVE-2015-8966
2016-12-08 21:59:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2017-07-21 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2017-07-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3360-1)
2017-07-22 00:00:00
Ubuntu: Security Advisory (USN-3360-2)
2022-08-26 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1513)
2020-01-23 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3360-1)
2017-07-24 00:00:00
EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1513)
2019-05-15 00:00:00
androidsecurity
androidsecurity
Android Security Bulletin—December 2016
2016-12-05 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON
Related for UB:CVE-2015-8966
prion1cve1android1debiancve1ubuntu2openvas3nessus2androidsecurity1