CVE-2015-8543 — HIGH (7.0) — White Hats Nepal

Q: How severe is CVE-2015-8543?

CVE-2015-8543 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8543?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.2.75

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462aVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0855.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2574.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2584.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3426Third Party Advisory
http://www.debian.org/security/2016/dsa-3434Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/12/09/5Mailing ListThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.hThird Party Advisory
http://www.securityfocus.com/bid/79698Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034892Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2886-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2888-1Third Party Advisory

FAQ

What is CVE-2015-8543?

CVE-2015-8543 is a vulnerability with a CVSS score of 7.0 (HIGH). The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users t...

How severe is CVE-2015-8543?

CVE-2015-8543 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8543?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.