CVE-2015-2686 Information

Feb 14, 2021 cve

Description

net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface as demonstrated by the Bluetooth subsystem.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea http://grsecurity.net/~spender/viro.txt http://twitter.com/grsecurity/statuses/579050211605102592 http://twitter.com/grsecurity/statuses/579060953477701632 http://twitter.com/grsecurity/statuses/579075689439059968 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3 http://www.openwall.com/lists/oss-security/2015/03/23/14 http://www.securityfocus.com/bid/73286 https://bugzilla.redhat.com/show_bug.cgi?id=1205242 https://github.com/torvalds/linux/commit/4de930efc23b92ddf88ce91c405ee645fe6e27ea

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8

Share on: