CVE-2015-8967

Опубликовано: 08 дек. 2016

Источник: redhat

CVSS3: 7.8

CVSS2: 6.9

EPSS Низкий

Описание

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

A flaw in 'arch/arm64/kernel/sys.c' in the Linux kernel allows local users to bypass the 'strict page permissions' protection mechanism and modify the system-call table and, consequently, gain privileges by leveraging write access.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as code with the flaw is not present in the products listed. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2 as code with the flaw is not built and shipped in the products listed.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-471

https://bugzilla.redhat.com/show_bug.cgi?id=1404284kernel: arm64: Strict page permission bypass

EPSS

Процентиль: 22%

0.00072

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2

Связанные уязвимости

CVE-2015-8967

CVSS3: 7.8

ubuntu

около 9 лет назад

CVE-2015-8967

CVSS3: 7.8

nvd

около 9 лет назад

CVE-2015-8967

CVSS3: 7.8

debian

около 9 лет назад

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local us ...

GHSA-34c2-924w-2mw6

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 22%

0.00072

Низкий

7.8 High

CVSS3

6.9 Medium

CVSS2