CVE-2015-7553

Опубликовано: 15 дек. 2015

Источник: redhat

CVSS2: 4.9

Описание

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by creating netlink sockets.

A race-condition flaw was discovered in the kernel's netlink module creation, which can trigger a kernel panic in netlink_release->module_put for local users creating netlink sockets. The flaw is specific to Red Hat Enterprise Linux and does not affect upstream kernels. The nfnetlink_log module must be loaded before the flaw can occur.

Отчет

This issue does not affect Red Hat Enterprise Linux 5 and 6. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2 and may be addressed in a future update.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Affected
Red Hat Enterprise MRG 2	realtime-kernel	Affected
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2015:2152	19.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-362

https://bugzilla.redhat.com/show_bug.cgi?id=1288934kernel: nfnetlink race in NETLINK_NFLOG socket creation

4.9 Medium

CVSS2

Связанные уязвимости

CVE-2015-7553

CVSS3: 4.7

ubuntu

больше 8 лет назад

CVE-2015-7553

CVSS3: 4.7

nvd

больше 8 лет назад

CVE-2015-7553

CVSS3: 4.7

debian

больше 8 лет назад

Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt ...

GHSA-c35m-qv8m-73h9

CVSS3: 4.7

github

больше 3 лет назад

4.9 Medium

CVSS2