[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-7613Date: (C)2015-12-15   (M)2024-04-19


Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1034094
SECTRACK-1034592
BID-76977
DSA-3372
RHSA-2015:2636
SUSE-SU-2015:1727
SUSE-SU-2015:2084
SUSE-SU-2015:2085
SUSE-SU-2015:2086
SUSE-SU-2015:2087
SUSE-SU-2015:2089
SUSE-SU-2015:2090
SUSE-SU-2015:2091
USN-2761-1
USN-2762-1
USN-2763-1
USN-2764-1
USN-2765-1
USN-2792-1
http://www.openwall.com/lists/oss-security/2015/10/01/8
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
https://bugzilla.redhat.com/show_bug.cgi?id=1268270
https://github.com/torvalds/linux/commit/b9a532277938798b53178d5a66af6e2915cb27cf
https://kc.mcafee.com/corporate/index?page=content&id=SB10146

CPE    1
cpe:/o:linux:linux_kernel
CWE    1
CWE-362
OVAL    26
oval:org.secpod.oval:def:109610
oval:org.secpod.oval:def:702783
oval:org.secpod.oval:def:702781
oval:org.secpod.oval:def:52592
...

© SecPod Technologies