Vulnerability-Lookup

CERTFR-2015-AVI-359

Vulnerability from certfr_avis - Published: 2015-08-20 - Updated: 2015-08-20

De multiples vulnérabilités ont été corrigées dans le noyau Linux de Fedora. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Noyau Linux de Fedora versions inférieures à 4.1.5-100.fc21

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CVE-2015-3339 (GCVE-0-2015-3339)

Vulnerability from cvelistv5 – Published: 2015-05-27 10:00 – Updated: 2024-08-06 05:47

Summary

Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

18 references

URL	Tags
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securitytracker.com/id/1032412	vdb-entryx_refsource_SECTRACK
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=1214030	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3237	vendor-advisoryx_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2015/04/20/5	mailing-listx_refsource_MLIST
http://www.kernel.org/pub/linux/kernel/v3.x/Chang…	x_refsource_CONFIRM
http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1272.html	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://github.com/torvalds/linux/commit/8b01fc86…	x_refsource_CONFIRM

Date Public

2015-04-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2015:1491",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
          },
          {
            "name": "1032412",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032412"
          },
          {
            "name": "SUSE-SU-2015:1489",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
          },
          {
            "name": "SUSE-SU-2015:1488",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
          },
          {
            "name": "FEDORA-2015-8518",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214030"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "DSA-3237",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3237"
          },
          {
            "name": "FEDORA-2015-7736",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "openSUSE-SU-2015:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
          },
          {
            "name": "[oss-security] 20150420 Re: Linux: chown() was racy relative to execve() - Linux kernel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/20/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "RHSA-2015:1272",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
          },
          {
            "name": "SUSE-SU-2015:1487",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2015:1491",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
        },
        {
          "name": "1032412",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032412"
        },
        {
          "name": "SUSE-SU-2015:1489",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
        },
        {
          "name": "SUSE-SU-2015:1488",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
        },
        {
          "name": "FEDORA-2015-8518",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214030"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "DSA-3237",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3237"
        },
        {
          "name": "FEDORA-2015-7736",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "openSUSE-SU-2015:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
        },
        {
          "name": "[oss-security] 20150420 Re: Linux: chown() was racy relative to execve() - Linux kernel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/20/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "RHSA-2015:1272",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
        },
        {
          "name": "SUSE-SU-2015:1487",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3339",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2015:1491",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
            },
            {
              "name": "1032412",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032412"
            },
            {
              "name": "SUSE-SU-2015:1489",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
            },
            {
              "name": "SUSE-SU-2015:1488",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
            },
            {
              "name": "FEDORA-2015-8518",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1214030",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214030"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "DSA-3237",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3237"
            },
            {
              "name": "FEDORA-2015-7736",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "openSUSE-SU-2015:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
            },
            {
              "name": "[oss-security] 20150420 Re: Linux: chown() was racy relative to execve() - Linux kernel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/20/5"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "RHSA-2015:1272",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
            },
            {
              "name": "SUSE-SU-2015:1487",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/8b01fc86b9f425899f8a3a8fc1c47d73c2c20543"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3339",
    "datePublished": "2015-05-27T10:00:00.000Z",
    "dateReserved": "2015-04-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:47:57.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-3636 (GCVE-0-2015-3636)

Vulnerability from cvelistv5 – Published: 2015-08-06 01:00 – Updated: 2024-08-06 05:47

Summary

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

28 references

URL	Tags
http://www.debian.org/security/2015/dsa-3290	vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2631-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2634-1	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.ubuntu.com/usn/USN-2632-1	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2015/05/02/5	mailing-listx_refsource_MLIST
http://www.securitytracker.com/id/1033186	vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/a134f083…	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2015-1643.html	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.kernel.org/pub/linux/kernel/v4.x/Chang…	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1218074	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1583.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1534.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1564.html	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1221.html	vendor-advisoryx_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.ubuntu.com/usn/USN-2633-1	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/74450	vdb-entryx_refsource_BID

Date Public

2015-05-02 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.772Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3290",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3290"
          },
          {
            "name": "USN-2631-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2631-1"
          },
          {
            "name": "USN-2634-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2634-1"
          },
          {
            "name": "SUSE-SU-2015:1491",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
          },
          {
            "name": "SUSE-SU-2015:1489",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
          },
          {
            "name": "USN-2632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2632-1"
          },
          {
            "name": "SUSE-SU-2015:1488",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
          },
          {
            "name": "FEDORA-2015-8518",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
          },
          {
            "name": "[oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/05/02/5"
          },
          {
            "name": "1033186",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
          },
          {
            "name": "FEDORA-2015-7736",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
          },
          {
            "name": "RHSA-2015:1643",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
          },
          {
            "name": "openSUSE-SU-2015:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
          },
          {
            "name": "SUSE-SU-2015:1478",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
          },
          {
            "name": "RHSA-2015:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
          },
          {
            "name": "RHSA-2015:1534",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
          },
          {
            "name": "RHSA-2015:1564",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
          },
          {
            "name": "SUSE-SU-2015:1224",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
          },
          {
            "name": "SUSE-SU-2015:1487",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
          },
          {
            "name": "RHSA-2015:1221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
          },
          {
            "name": "FEDORA-2015-7784",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
          },
          {
            "name": "USN-2633-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2633-1"
          },
          {
            "name": "74450",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3290",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3290"
        },
        {
          "name": "USN-2631-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2631-1"
        },
        {
          "name": "USN-2634-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2634-1"
        },
        {
          "name": "SUSE-SU-2015:1491",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
        },
        {
          "name": "SUSE-SU-2015:1489",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
        },
        {
          "name": "USN-2632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2632-1"
        },
        {
          "name": "SUSE-SU-2015:1488",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
        },
        {
          "name": "FEDORA-2015-8518",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
        },
        {
          "name": "[oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/05/02/5"
        },
        {
          "name": "1033186",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
        },
        {
          "name": "FEDORA-2015-7736",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
        },
        {
          "name": "RHSA-2015:1643",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
        },
        {
          "name": "openSUSE-SU-2015:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
        },
        {
          "name": "SUSE-SU-2015:1478",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
        },
        {
          "name": "RHSA-2015:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
        },
        {
          "name": "RHSA-2015:1534",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
        },
        {
          "name": "RHSA-2015:1564",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
        },
        {
          "name": "SUSE-SU-2015:1224",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
        },
        {
          "name": "SUSE-SU-2015:1487",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
        },
        {
          "name": "RHSA-2015:1221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
        },
        {
          "name": "FEDORA-2015-7784",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
        },
        {
          "name": "USN-2633-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2633-1"
        },
        {
          "name": "74450",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3636",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3290",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3290"
            },
            {
              "name": "USN-2631-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2631-1"
            },
            {
              "name": "USN-2634-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2634-1"
            },
            {
              "name": "SUSE-SU-2015:1491",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
            },
            {
              "name": "SUSE-SU-2015:1489",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
            },
            {
              "name": "USN-2632-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2632-1"
            },
            {
              "name": "SUSE-SU-2015:1488",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
            },
            {
              "name": "FEDORA-2015-8518",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
            },
            {
              "name": "[oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/05/02/5"
            },
            {
              "name": "1033186",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033186"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
            },
            {
              "name": "FEDORA-2015-7736",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
            },
            {
              "name": "RHSA-2015:1643",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
            },
            {
              "name": "openSUSE-SU-2015:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
            },
            {
              "name": "SUSE-SU-2015:1478",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
            },
            {
              "name": "RHSA-2015:1583",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
            },
            {
              "name": "RHSA-2015:1534",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
            },
            {
              "name": "RHSA-2015:1564",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
            },
            {
              "name": "SUSE-SU-2015:1224",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
            },
            {
              "name": "SUSE-SU-2015:1487",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
            },
            {
              "name": "RHSA-2015:1221",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
            },
            {
              "name": "FEDORA-2015-7784",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
            },
            {
              "name": "USN-2633-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2633-1"
            },
            {
              "name": "74450",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3636",
    "datePublished": "2015-08-06T01:00:00.000Z",
    "dateReserved": "2015-05-02T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:47:57.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-5697 (GCVE-0-2015-5697)

Vulnerability from cvelistv5 – Published: 2015-08-31 10:00 – Updated: 2024-08-06 06:59

Summary

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

21 references

URL	Tags
http://www.ubuntu.com/usn/USN-2748-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2751-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2731-1	vendor-advisoryx_refsource_UBUNTU
https://github.com/torvalds/linux/commit/b6878d9e…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2015/07/28/2	mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/76066	vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2752-1	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=1249011	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3329	vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2732-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2749-1	vendor-advisoryx_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.kernel.org/pub/linux/kernel/v4.x/Chang…	x_refsource_CONFIRM
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.securitytracker.com/id/1033211	vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-2777-1	vendor-advisoryx_refsource_UBUNTU
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA

Date Public

2015-07-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:59:03.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2748-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2748-1"
          },
          {
            "name": "USN-2751-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2751-1"
          },
          {
            "name": "USN-2731-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2731-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16"
          },
          {
            "name": "SUSE-SU-2015:1727",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"
          },
          {
            "name": "[oss-security] 20150728 CVE request: Linux kernel - information leak in md driver",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/07/28/2"
          },
          {
            "name": "76066",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76066"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "USN-2752-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2752-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"
          },
          {
            "name": "DSA-3329",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3329"
          },
          {
            "name": "USN-2732-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2732-1"
          },
          {
            "name": "USN-2749-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2749-1"
          },
          {
            "name": "FEDORA-2015-12908",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16"
          },
          {
            "name": "FEDORA-2015-13396",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html"
          },
          {
            "name": "FEDORA-2015-13391",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html"
          },
          {
            "name": "1033211",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033211"
          },
          {
            "name": "USN-2777-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2777-1"
          },
          {
            "name": "FEDORA-2015-12917",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-2748-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2748-1"
        },
        {
          "name": "USN-2751-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2751-1"
        },
        {
          "name": "USN-2731-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2731-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16"
        },
        {
          "name": "SUSE-SU-2015:1727",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"
        },
        {
          "name": "[oss-security] 20150728 CVE request: Linux kernel - information leak in md driver",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/07/28/2"
        },
        {
          "name": "76066",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76066"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "USN-2752-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2752-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"
        },
        {
          "name": "DSA-3329",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3329"
        },
        {
          "name": "USN-2732-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2732-1"
        },
        {
          "name": "USN-2749-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2749-1"
        },
        {
          "name": "FEDORA-2015-12908",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16"
        },
        {
          "name": "FEDORA-2015-13396",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html"
        },
        {
          "name": "FEDORA-2015-13391",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html"
        },
        {
          "name": "1033211",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033211"
        },
        {
          "name": "USN-2777-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2777-1"
        },
        {
          "name": "FEDORA-2015-12917",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-5697",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-2748-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2748-1"
            },
            {
              "name": "USN-2751-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2751-1"
            },
            {
              "name": "USN-2731-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2731-1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16"
            },
            {
              "name": "SUSE-SU-2015:1727",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"
            },
            {
              "name": "[oss-security] 20150728 CVE request: Linux kernel - information leak in md driver",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/07/28/2"
            },
            {
              "name": "76066",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76066"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "USN-2752-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2752-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"
            },
            {
              "name": "DSA-3329",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3329"
            },
            {
              "name": "USN-2732-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2732-1"
            },
            {
              "name": "USN-2749-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2749-1"
            },
            {
              "name": "FEDORA-2015-12908",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16"
            },
            {
              "name": "FEDORA-2015-13396",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html"
            },
            {
              "name": "FEDORA-2015-13391",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html"
            },
            {
              "name": "1033211",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033211"
            },
            {
              "name": "USN-2777-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2777-1"
            },
            {
              "name": "FEDORA-2015-12917",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-5697",
    "datePublished": "2015-08-31T10:00:00.000Z",
    "dateReserved": "2015-07-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:59:03.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2015-AVI-359

Solution

CVE-2015-3339 (GCVE-0-2015-3339)

CVE-2015-3636 (GCVE-0-2015-3636)

CVE-2015-5697 (GCVE-0-2015-5697)

Tags

Sightings

Nomenclature