Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-7613

Опубликовано: 01 окт. 2015
Источник: redhat
CVSS2: 6.2
EPSS Низкий

Описание

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.

Отчет

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5. This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat MRG 2 kernels. Future kernel updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise MRG 2kernel-rtAffected
Red Hat Enterprise Linux 6kernelFixedRHSA-2015:263615.12.2015
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2015:241119.11.2015
Red Hat Enterprise Linux 7kernelFixedRHSA-2015:215219.11.2015
Red Hat Enterprise Linux 7.1 Extended Update SupportkernelFixedRHSA-2015:258709.12.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-732
https://bugzilla.redhat.com/show_bug.cgi?id=1268270kernel: Unauthorized access to IPC objects with SysV shm

EPSS

Процентиль: 33%
0.00124
Низкий

6.2 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-7613

ubuntu
больше 9 лет назад

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

nvd логотип

CVE-2015-7613

nvd
больше 9 лет назад

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

debian логотип

CVE-2015-7613

debian
больше 9 лет назад

Race condition in the IPC object implementation in the Linux kernel th ...

github логотип

GHSA-c9h8-jpjh-qq7q

github
около 3 лет назад

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

suse-cvrf логотип

SUSE-SU-2015:2091-1

suse-cvrf
больше 9 лет назад

Security update for Linux Kernel Live Patch 2

EPSS

Процентиль: 33%
0.00124
Низкий

6.2 Medium

CVSS2