CVE-2015-2830 — LOW (1.9) — White Hats Nepal

Q: How severe is CVE-2015-2830?

CVE-2015-2830 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-2830?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Linux Linux Kernel, Canonical Ubuntu Linux.

Vulnerability Description

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.

CVSS Score

1.9

LOW

AV:L/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	7.0
Linux	Linux Kernel	<= 3.19.1
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2015-2830?

CVE-2015-2830 is a vulnerability with a CVSS score of 1.9 (LOW). arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection...

How severe is CVE-2015-2830?

CVE-2015-2830 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2830?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Linux Linux Kernel, Canonical Ubuntu Linux.