Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-7990

Опубликовано: 16 окт. 2015
Источник: redhat
CVSS2: 6.3

Описание

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.

A denial of service flaw was discovered in the Linux kernel, where a race condition caused a NULL pointer dereference in the RDS socket-creation code. A local attacker could use this flaw to create a situation in which a NULL pointer crashed the kernel.

Отчет

This issue affects Red Hat enterprise Linux 5 and 6. The affected code is not available in 7, MRG and realtime kernels.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2kernel-rtNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1276437kernel: Race condition when sending message on unbound socket causing NULL pointer dereference

6.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-7990

CVSS3: 5.8
ubuntu
около 10 лет назад

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.

nvd логотип

CVE-2015-7990

CVSS3: 5.8
nvd
около 10 лет назад

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.

debian логотип

CVE-2015-7990

CVSS3: 5.8
debian
около 10 лет назад

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the ...

github логотип

GHSA-ggf3-232m-5283

CVSS3: 5.8
github
больше 3 лет назад

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.

suse-cvrf логотип

openSUSE-SU-2015:2232-1

suse-cvrf
около 10 лет назад

Security update for the Linux Kernel

6.3 Medium

CVSS2