CVE-2015-4004
Severity Score
8.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.
El controlador OZWPAN en el kernel de Linux hasta 4.0.5 depende de un campo de longitud no confiable durante el análisis sintáctico de paquetes, lo que permite a atacantes remotos obtener información sensible de la memoria del kernel o causar una denegación de servicio (lectura fuera de rango y caída de sistema) a través de un paquete manipulado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-05-15 CVE Reserved
- 2015-06-07 CVE Published
- 2024-03-27 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2015/06/05/7 | Mailing List | |
| http://www.securityfocus.com/bid/74669 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://lkml.org/lkml/2015/5/13/739 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2989-1 | 2022-12-12 | |
| http://www.ubuntu.com/usn/USN-2998-1 | 2022-12-12 | |
| http://www.ubuntu.com/usn/USN-3000-1 | 2022-12-12 | |
| http://www.ubuntu.com/usn/USN-3001-1 | 2022-12-12 | |
| http://www.ubuntu.com/usn/USN-3002-1 | 2022-12-12 | |
| http://www.ubuntu.com/usn/USN-3003-1 | 2022-12-12 | |
| http://www.ubuntu.com/usn/USN-3004-1 | 2022-12-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.4 < 4.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.4 < 4.3" | - |
Affected
| ||||||