CVE-2015-4170
kernel: pty layer race condition on tty ldisc shutdown.
Public Exploits: 0
Exploited in Wild: -
Descriptions
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.
A flaw was discovered in the way the Linux kernel's TTY subsystem handled the tty shutdown phase. A local, unprivileged user could use this flaw to cause denial of service on the system by holding a reference to the ldisc lock during tty shutdown, causing a deadlock.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-06-02 CVE Reserved
- 2015-11-20 CVE Published
- 2023-12-19 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-667: Improper Locking
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/05/26/1 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/74820 | Vdb Entry | |
https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae | X_refsource_confirm | |

URL | Date | SRC |
---|---|---|
https://www.kernel.org/pub/linux/kernel/next/patch-v3.13-rc4-next-20131218.xz | 2017-11-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | <= 3.13.3 | - | Affected |
Redhat | Enterprise Linux Compute Node Eus | 7.1 | - | Affected |
Redhat | Enterprise Linux For Ibm Z Systems Eus | 7.1_s390x | - | Affected |
Redhat | Enterprise Linux For Power Big Endian Eus | 7.1_ppc64 | - | Affected |
Redhat | Enterprise Linux For Power Little Endian Eus | 7.1_ppc64le | - | Affected |
Redhat | Enterprise Linux Server Eus | 7.1 | - | Affected |