// For flags

CVE-2015-1593

kernel: Linux stack ASLR implementation Integer overflow

Severity Score

7.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

La característica de aleatoriedad de la pila en el Kernel de Linux anterior a 3.19.1 en plataformas de 64-bits utiliza un tipo de datos incorrecto por el resultado de operaciones de bitwise left-shift, lo que hace que sea más fácil para atacantes evadir el mecanismo de protección ASLR prediciendo direcciones del tope de la pila, relacionado con la función andomize_stack_top en fs/binfmt_elf.c y la función stack_maxrandom_size en arch/x86/mm/mmap.c.

An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four.

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files. A local, unprivileged attacker could use this flaw to crash the system. It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-02-13 CVE Reserved
  • 2015-02-16 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (22)
URL Tag Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/02/13/13 Mailing List
http://www.securityfocus.com/bid/72607 Vdb Entry
https://lkml.org/lkml/2015/1/7/811 Mailing List
URL Date SRC
http://hmarco.org/bugs/linux-ASLR-integer-overflow.html 2024-08-06
https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 2024-08-06
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1137.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1138.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-1221.html 2023-11-07
http://www.debian.org/security/2015/dsa-3170 2023-11-07
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 2023-11-07
http://www.ubuntu.com/usn/USN-2560-1 2023-11-07
http://www.ubuntu.com/usn/USN-2561-1 2023-11-07
http://www.ubuntu.com/usn/USN-2562-1 2023-11-07
http://www.ubuntu.com/usn/USN-2563-1 2023-11-07
http://www.ubuntu.com/usn/USN-2564-1 2023-11-07
http://www.ubuntu.com/usn/USN-2565-1 2023-11-07
https://access.redhat.com/errata/RHSA-2019:3517 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=1192519 2019-11-05
https://access.redhat.com/security/cve/CVE-2015-1593 2019-11-05
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 3.18.9
Search vendor "Linux" for product "Linux Kernel" and version " <= 3.18.9"
x64
Affected