CVE-2015-1573

kernel: panic while flushing nftables rules that reference deleted chains.

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

La función nft_flush_table en net/netfilter/nf_tables_api.c en el kernel de Linux en versiones anteriores a 3.18.5 no maneja adecuadamente la interacción entre saltos cross-chain y borrado de conjuntos de reglas, lo que permite a usuarios locales provocar una denegación de servicio (pánico) aprovechando la capacidad CAP_NET_ADMIN.

A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-02-10 CVE Reserved
2015-06-23 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-19: Data Processing Errors
CWE-416: Use After Free

CAPEC

References (9)

URL	Tag	Source
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/02/10/13	Mailing List
http://www.securityfocus.com/bid/72552	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2f18db0c68fec96631c10cad9384c196e9008ac	2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1137.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2015-1138.html	2018-01-05
https://bugzilla.redhat.com/show_bug.cgi?id=1190966	2015-06-23
https://github.com/torvalds/linux/commit/a2f18db0c68fec96631c10cad9384c196e9008ac	2018-01-05
https://access.redhat.com/security/cve/CVE-2015-1573	2015-06-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 3.18.4 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.18.4"		-		Affected