CVE-2015-5156

Published: 06 Aug 2015
Source: redhat
CVSS2: 6.8
EPSS: Low

Description

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.

A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system.

Report

This issue did not affect the Linux kernel packages as shipped with Red Hat Enterprise MRG 2. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:0855 | 10.05.2016 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2015:1977 | 03.11.2015 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2015:1978 | 03.11.2015 |

Additional information

Status: Moderate
Weakness: CWE-122
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1243852 (kernel: buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net)

EPSS

Percentile: 45%
0.00221
Low

CVSS2: 6.8 Medium

Related vulnerabilities

ubuntu
more than 9 years ago

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.

nvd
more than 9 years ago

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.

debian
more than 9 years ago

The virtnet_probe function in drivers/net/virtio_net.c in the Linux ke ...

github
about 3 years ago

The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.

oracle-oval
more than 9 years ago

ELSA-2015-3094: Unbreakable Enterprise kernel security update (MODERATE)
