CVE-2015-6526

Опубликовано: 13 апр. 2015

Источник: redhat

CVSS2: 4.9

EPSS Низкий

Описание

The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace.

A flaw was found in the way the Linux kernel's perf subsystem retrieved userlevel stack traces on PowerPC systems. A local, unprivileged user could use this flaw to cause a denial of service on the system by creating a special stack layout that would force the perf_callchain_user_64() function into an infinite loop.

Отчет

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7 and may be addressed in a future update.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 4	kernel	Not affected
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2015:2152	19.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=1218454kernel: perf on ppc64 can loop forever getting userlevel stacktraces

EPSS

Процентиль: 12%

0.00042

Низкий

4.9 Medium

CVSS2

Связанные уязвимости

CVE-2015-6526

ubuntu

почти 10 лет назад

CVE-2015-6526

nvd

почти 10 лет назад

CVE-2015-6526

debian

почти 10 лет назад

The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c i ...

GHSA-q8q6-vq5m-jhx5

github

около 3 лет назад

ELSA-2015-2152

oracle-oval

больше 9 лет назад

ELSA-2015-2152: kernel security, bug fix, and enhancement update (IMPORTANT)

EPSS

Процентиль: 12%

0.00042

Низкий

4.9 Medium

CVSS2