// For flags

CVE-2015-8543

kernel: IPv6 connect causes DoS via NULL pointer dereference

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

La implementación de redes en el kernel de Linux hasta la versión 4.3.3, tal como se utiliza en Android y otros productos, no valida identificadores de protocolo para ciertas familias de protocolos, lo que permite a usuarios locales provocar una denegación de servicio (referencia a puntero de función NULL y caída de sistema) o posiblemente obtener privilegios mediante el aprovechamiento de soporte CLONE_NEWUSER para ejecutar una aplicación SOCK_RAW manipulada.

A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-12-11 CVE Reserved
  • 2015-12-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
References (21)
URL Tag Source
http://www.openwall.com/lists/oss-security/2015/12/09/5 Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html Third Party Advisory
http://www.securityfocus.com/bid/79698 Third Party Advisory
http://www.securitytracker.com/id/1034892 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9 2023-06-07
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html 2023-06-07
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html 2023-06-07
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html 2023-06-07
http://rhn.redhat.com/errata/RHSA-2016-0855.html 2023-06-07
http://rhn.redhat.com/errata/RHSA-2016-2574.html 2023-06-07
http://rhn.redhat.com/errata/RHSA-2016-2584.html 2023-06-07
http://www.debian.org/security/2015/dsa-3426 2023-06-07
http://www.debian.org/security/2016/dsa-3434 2023-06-07
http://www.ubuntu.com/usn/USN-2886-1 2023-06-07
http://www.ubuntu.com/usn/USN-2888-1 2023-06-07
http://www.ubuntu.com/usn/USN-2890-1 2023-06-07
http://www.ubuntu.com/usn/USN-2890-2 2023-06-07
http://www.ubuntu.com/usn/USN-2890-3 2023-06-07
https://bugzilla.redhat.com/show_bug.cgi?id=1290475 2016-11-03
https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9 2023-06-07
https://access.redhat.com/security/cve/CVE-2015-8543 2016-11-03
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 < 3.2.75
Search vendor "Linux" for product "Linux Kernel" and version " < 3.2.75"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.3 < 3.4.111
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.111"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.5 < 3.10.95
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.10.95"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.11 < 3.12.52
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.52"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.13 < 3.14.59
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.59"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.15 < 3.16.35
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.17 < 3.18.26
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.26"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 3.19 < 4.1.16
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.16"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 4.2 < 4.3.4
Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.3.4"
-
Affected