Vulnerability Description
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 4.4 |
| Suse | Suse Linux Enterprise Live Patching | 12.0 |
| Suse | Suse Linux Enterprise Module For Public Cloud | 12.0 |
| Suse | Suse Linux Enterprise Real Time Extension | 12 |
| Suse | Suse Linux Enterprise Software Development Kit | 12.0 |
| Suse | Suse Linux Enterprise Workstation Extension | 12.0 |
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Server | 12.0 |
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7f821f (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
- http://www.openwall.com/lists/oss-security/2016/04/13/1
- http://www.securitytracker.com/id/1035594
- https://bugzilla.redhat.com/show_bug.cgi?id=1326540 (Issue Tracking)
- https://github.com/torvalds/linux/commit/7f821fc9c77a9b01fe7b1d6e72717b33d8d6414 (Patch, Vendor Advisory)
FAQ
What is CVE-2015-8845?
CVE-2015-8845 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim ca...
How severe is CVE-2015-8845?
CVE-2015-8845 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8845?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Suse Suse Linux Enterprise Live Patching, Suse Suse Linux Enterprise Module For Public Cloud, Suse Suse Linux Enterprise Real Time Extension, Suse Suse Linux Enterprise Software Development Kit.