Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8324

Опубликовано: 23 нояб. 2015
Источник: redhat
CVSS2: 4.9

Описание

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system.

Отчет

This problem did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 7 and MRG-2.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 6kernelFixedRHSA-2016:085510.05.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1267261kernel: Null pointer dereference when mounting ext4

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8324

CVSS3: 4.6
ubuntu
около 9 лет назад

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

nvd логотип

CVE-2015-8324

CVSS3: 4.6
nvd
около 9 лет назад

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

debian логотип

CVE-2015-8324

CVSS3: 4.6
debian
около 9 лет назад

The ext4 implementation in the Linux kernel before 2.6.34 does not pro ...

github логотип

GHSA-f6x7-vppw-cjgq

CVSS3: 4.6
github
около 3 лет назад

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

oracle-oval логотип

ELSA-2016-3567

oracle-oval
около 9 лет назад

ELSA-2016-3567: Unbreakable Enterprise kernel security update (IMPORTANT)

4.9 Medium

CVSS2