CVE-2015-6937

Опубликовано: 14 сент. 2015

Источник: redhat

CVSS2: 4.9

Описание

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.

A NULL-pointer dereference vulnerability was discovered in the Linux kernel. The kernel's Reliable Datagram Sockets (RDS) protocol implementation did not verify that an underlying transport existed before creating a connection to a remote server. A local system user could exploit this flaw to crash the system by creating sockets at specific times to trigger a NULL pointer dereference.

Отчет

This issue did not affect kernel, kernel-rt, and realtime-kernel versions shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG as they do not include the Reliable Datagram Sockets (RDS) protocol implementation.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1263139kernel: net: rds: NULL pointer dereference in net/rds/connection.c

4.9 Medium

CVSS2

Связанные уязвимости

CVE-2015-6937

ubuntu

больше 9 лет назад

CVE-2015-6937

nvd

больше 9 лет назад

CVE-2015-6937

debian

больше 9 лет назад

The __rds_conn_create function in net/rds/connection.c in the Linux ke ...

GHSA-vcw3-c24j-h6v5

github

около 3 лет назад

ELSA-2015-3098

oracle-oval

больше 9 лет назад

ELSA-2015-3098: Unbreakable Enterprise kernel security and bugfix update (IMPORTANT)

4.9 Medium

CVSS2