CVE-2015-7613 — MEDIUM (6.9)

Q: How severe is CVE-2015-7613?

CVE-2015-7613 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7613?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.2.72

Related Weaknesses (CWE)

CWE-362

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2636.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3372Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/10/01/8ExploitMailing ListThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.hThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.hThird Party Advisory
http://www.securityfocus.com/bid/76977Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-7613?

CVE-2015-7613 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against un...

How severe is CVE-2015-7613?

CVE-2015-7613 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7613?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.