CVE-2015-1573

Published: 16 Jan 2015
Source: redhat
CVSS2: 2.4

Description

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system.

Report

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 (as they did not include support for netfilter tables API). This issue affects the versions of the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG 2. Future kernel updates for the respective releases may address this issue.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2015:1139 | 23.06.2015 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2015:1137 | 23.06.2015 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2015:1138 | 23.06.2015 |

Additional information

Status: Low
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1190966 kernel: panic while flushing nftables rules that reference deleted chains.

2.4 Low

CVSS2

Related vulnerabilities

CVSS3: 5.5
ubuntu
about 9 years ago

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

CVSS3: 5.5
nvd
about 9 years ago

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

CVSS3: 5.5
debian
about 9 years ago

The nft_flush_table function in net/netfilter/nf_tables_api.c in the L ...

CVSS3: 5.5
github
about 3 years ago

The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to cause a denial of service (panic) by leveraging the CAP_NET_ADMIN capability.

oracle-oval
almost 10 years ago

ELSA-2015-1137: kernel security and bug fix update (IMPORTANT)