Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8830

Опубликовано: 21 мар. 2015
Источник: redhat
CVSS2: 4.9
EPSS Низкий

Описание

Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, as the related AIO vector code is not present in this product. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7. Future Linux kernel updates for the respective releases might address this issue. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux MRG-2. This flaw is not currently planned to be addressed in future updates due to MRG-2 being an EUS release. For additional information, refer to the Extended Update Support (EUS) Guide: https://access.redhat.com/articles/rhel-eus.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelWill not fix
Red Hat Enterprise Linux 6kernelFixedRHSA-2018:185419.06.2018
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2018:309630.10.2018
Red Hat Enterprise Linux 7kernelFixedRHSA-2018:308330.10.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1314275kernel: AIO write triggers integer overflow in some protocols

EPSS

Процентиль: 12%
0.0004
Низкий

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8830

CVSS3: 7.8
ubuntu
около 9 лет назад

Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.

nvd логотип

CVE-2015-8830

CVSS3: 7.8
nvd
около 9 лет назад

Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.

debian логотип

CVE-2015-8830

CVSS3: 7.8
debian
около 9 лет назад

Integer overflow in the aio_setup_single_vector function in fs/aio.c i ...

github логотип

GHSA-r5v3-qw78-36cj

CVSS3: 7.8
github
около 3 лет назад

Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.

oracle-oval логотип

ELSA-2018-1854

oracle-oval
почти 7 лет назад

ELSA-2018-1854: kernel security and bug fix update (IMPORTANT)

EPSS

Процентиль: 12%
0.0004
Низкий

4.9 Medium

CVSS2