CVE-2015-5697

Severity Score

2.1

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.

Vulnerabilidad en la función get_bitmap en drivers/md/md.c en el kernel de Linux en versiones anteriores a 4.1.6, no inicializa una cierta estructura de datos de mapa de bits, lo que permite a usuarios locales obtener información sensible de la memoria del kernel a través de una llamada a GET_BITMAP_FILE de ioctl .

*Credits: N/A

CVSS Scores

NISTv2 2.1

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-07-29 CVE Reserved
2015-08-07 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (21)

URL	Tag	Source
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16	X_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/07/28/2	Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	X_refsource_confirm
http://www.securityfocus.com/bid/76066	Vdb Entry
http://www.securitytracker.com/id/1033211	Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1249011	X_refsource_confirm
https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html	2017-09-21
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html	2017-09-21
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html	2017-09-21
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html	2017-09-21
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html	2017-09-21
http://www.debian.org/security/2015/dsa-3329	2017-09-21
http://www.ubuntu.com/usn/USN-2731-1	2017-09-21
http://www.ubuntu.com/usn/USN-2732-1	2017-09-21
http://www.ubuntu.com/usn/USN-2748-1	2017-09-21
http://www.ubuntu.com/usn/USN-2749-1	2017-09-21
http://www.ubuntu.com/usn/USN-2751-1	2017-09-21
http://www.ubuntu.com/usn/USN-2752-1	2017-09-21
http://www.ubuntu.com/usn/USN-2777-1	2017-09-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.1.5 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.1.5"		-		Affected