CVE-2015-8660

Опубликовано: 04 дек. 2015

Источник: redhat

CVSS2: 6

EPSS Средний

Описание

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix this issue have been shipped now.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2016:1541	02.08.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2016:1539	02.08.2016
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2016:1532	02.08.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-732

https://bugzilla.redhat.com/show_bug.cgi?id=1291329kernel: Permission bypass on overlayfs during copy_up

EPSS

Процентиль: 98%

0.65916

Средний

6 Medium

CVSS2

Связанные уязвимости

CVE-2015-8660

CVSS3: 6.7

ubuntu

больше 9 лет назад

CVE-2015-8660

CVSS3: 6.7

nvd

больше 9 лет назад

CVE-2015-8660

CVSS3: 6.7

debian

больше 9 лет назад

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel t ...

GHSA-2m7p-qcqr-gfv2

CVSS3: 6.7

github

около 3 лет назад

ELSA-2016-3593

oracle-oval

почти 9 лет назад

ELSA-2016-3593: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 98%

0.65916

Средний

6 Medium

CVSS2