// For flags

CVE-2015-4700

kernel: Crafted BPF filters may crash kernel during JIT optimisation

Severity Score

4.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.

Vulnerabilidad en la función bpf_int_jit_compile en arch/x86/net/bpf_jit_comp.c en el kernel de Linux en versiones anteriores a 4.0.6, permite a usuarios locales causar una denegación de servicio (caída del sistema) mediante la creación de un filtro de paquetes y después cargando instrucciones BPF manipuladas que desencadenan la convergencia tardía por el compilador JIT.

A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-06-19 CVE Reserved
  • 2015-07-07 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-17: DEPRECATED: Code
  • CWE-665: Improper Initialization
CAPEC
References (27)
URL Tag Source
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/06/23/2 Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html X_refsource_confirm
http://www.securityfocus.com/bid/75356 Vdb Entry
http://www.securitytracker.com/id/1033046 Vdb Entry
https://github.com/torvalds/linux/commit/3f7352bf21f8fd7ba3e2fcef9488756f188e12be X_refsource_confirm
https://support.f5.com/csp/article/K05211147 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html 2019-04-08
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html 2019-04-08
http://rhn.redhat.com/errata/RHSA-2015-1778.html 2019-04-08
http://www.debian.org/security/2015/dsa-3329 2019-04-08
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6 2019-04-08
http://www.ubuntu.com/usn/USN-2679-1 2019-04-08
http://www.ubuntu.com/usn/USN-2680-1 2019-04-08
http://www.ubuntu.com/usn/USN-2681-1 2019-04-08
http://www.ubuntu.com/usn/USN-2683-1 2019-04-08
http://www.ubuntu.com/usn/USN-2684-1 2019-04-08
https://bugzilla.redhat.com/show_bug.cgi?id=1233615 2015-09-15
https://access.redhat.com/security/cve/CVE-2015-4700 2015-09-15
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 4.0.5
Search vendor "Linux" for product "Linux Kernel" and version " <= 4.0.5"
-
Affected