CVE-2015-7550
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted application that leverages a race condition between keyctl_revoke and keyctl_read calls.
La función keyctl_read_key en security/keys/keyctl.c en el kernel de Linux en versiones anteriores a 4.3.4 no utiliza adecuadamente un semáforo, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) o posiblemente tiene otro impacto no especificado a través de una aplicación manipulada que aprovecha una condición de carrera entre llamadas keyctl_revoke y keyctl_read.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-09-29 CVE Reserved
- 2016-01-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/79903 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1291197 | X_refsource_confirm | |
| https://github.com/torvalds/linux/commit/b4a1b4f5047e4f54e194681125c74c0aa64d637d | X_refsource_confirm | |
| https://security-tracker.debian.org/tracker/CVE-2015-7550 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.3.3 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.3.3" | - |
Affected
| ||||||