CVE-2015-8215

kernel: MTU value is not validated in IPv6 stack causing packet loss

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.

net/ipv6/addrconf.c en la pila IPv6 en el kernel Linux en versiones anteriores a 4.0 no valida los intentos de cambio del valor MTU, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (pérdida de paquetes) a través de un valor que es (1) menor que el valor mínimo compatible o (2) más grande que la MTU de una interfaz, según lo demostrado por un mensaje Router Advertisement (RA) que no es validado por un demonio, una vulnerabilidad diferente a CVE-2015-0272. NOTA: el alcance de CVE-2015-0272 se limita al producto NetworkManager.

It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-11-16 CVE Reserved
2015-11-16 CVE Published
2023-12-16 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (17)

URL	Tag	Source
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	X_refsource_confirm
http://www.securityfocus.com/bid/85274	Vdb Entry
https://bugs.launchpad.net/bugs/1500810	X_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=944296	X_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1192132	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac	2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html	2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html	2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html	2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html	2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html	2017-11-04
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	2017-11-04
http://rhn.redhat.com/errata/RHSA-2016-0855.html	2017-11-04
http://www.debian.org/security/2015/dsa-3364	2017-11-04
https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac	2017-11-04
https://access.redhat.com/security/cve/CVE-2015-8215	2016-05-10
https://bugzilla.redhat.com/show_bug.cgi?id=1283253	2016-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 3.19 Search vendor "Linux" for product "Linux Kernel" and version " <= 3.19"		-		Affected