csaf_redhat - rhsa-2015

rhsa-2015_1564

Vulnerability from csaf_redhat

Published

2015-08-05 18:49

Modified

2024-09-13 10:37

Summary

Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update

Notes

Topic

Updated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel's netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash. (CVE-2014-9715, Moderate) * It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system. (CVE-2015-3636, Moderate) * It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets. (CVE-2015-2922, Low) Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715 issue. This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and fixes the following issues: * drbg: Add stdrng alias and increase priority * seqiv / eseqiv / chainiv: Move IV seeding into init function * ipv4: kABI fix for 0bbf87d backport * ipv4: Convert ipv4.ip_local_port_range to be per netns * libceph: tcp_nodelay support * ipr: Increase default adapter init stage change timeout * fix use-after-free bug in usb_hcd_unlink_urb() * libceph: fix double __remove_osd() problem * ext4: fix data corruption caused by unwritten and delayed extents * sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT * nfs: Fixing lease renewal (Benjamin Coddington) * control hard lockup detection default * Fix print-once on enable * watchdog: update watchdog_thresh properly and watchdog attributes atomically * module: Call module notifier on failure after complete_formation() (BZ#1230403) This update also fixes the following bugs: * Non-standard usage of the functions write_seqcount_{begin,end}() were used in NFSv4, which caused the realtime code to try to sleep while locks were held and produced the "scheduling while atomic" messages. The code was modified to use the functions __write_seqcount_{begin,end}() that do not hold any locks removing the message and allowing correct execution. (BZ#1225642) * Dracut in Red Hat Enterprise Linux 6 has a dependency on a module called scsi_wait_scan that no longer exists on 3.x kernels. This caused the system to display misleading messages at start-up when the obsoleted scsi_wait_scan module was not found. To address this issue, MRG Realtime provides a dummy scsi_wait_scan module so that the requirements for the initramfs created by dracut are met and the boot messages are no longer displayed. (BZ#1230403) All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated kernel-rt packages that fix three security issues, several bugs,\nand add various enhancements are now available for Red Hat Enterprise MRG\n2.5.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* An integer overflow flaw was found in the way the Linux kernel\u0027s\nnetfilter connection tracking implementation loaded extensions. An attacker\non a local network could potentially send a sequence of specially crafted\npackets that would initiate the loading of a large number of extensions,\ncausing the targeted system in that network to crash. (CVE-2014-9715,\nModerate)\n\n* It was found that the Linux kernel\u0027s ping socket implementation did not\nproperly handle socket unhashing during spurious disconnects, which could\nlead to a use-after-free flaw. On x86-64 architecture systems, a local user\nable to create ping sockets could use this flaw to crash the system.\nOn non-x86-64 architecture systems, a local user able to create ping\nsockets could use this flaw to escalate their privileges on the system.\n(CVE-2015-3636, Moderate)\n\n* It was found that the Linux kernel\u0027s TCP/IP protocol suite implementation\nfor IPv6 allowed the Hop Limit value to be set to a smaller value than the\ndefault one. An attacker on a local network could use this flaw to prevent\nsystems on that network from sending or receiving network packets.\n(CVE-2015-2922, Low)\n\nRed Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715\nissue.\n\nThis update provides a build of the kernel-rt package for Red Hat\nEnterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and fixes\nthe following issues:\n\n* drbg: Add stdrng alias and increase priority\n* seqiv / eseqiv / chainiv: Move IV seeding into init function\n* ipv4: kABI fix for 0bbf87d backport\n* ipv4: Convert ipv4.ip_local_port_range to be per netns\n* libceph: tcp_nodelay support\n* ipr: Increase default adapter init stage change timeout\n* fix use-after-free bug in usb_hcd_unlink_urb()\n* libceph: fix double __remove_osd() problem\n* ext4: fix data corruption caused by unwritten and delayed extents\n* sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT\n* nfs: Fixing lease renewal (Benjamin Coddington)\n* control hard lockup detection default\n* Fix print-once on enable\n* watchdog: update watchdog_thresh properly and watchdog attributes\n  atomically\n* module: Call module notifier on failure after complete_formation()\n\n(BZ#1230403)\n\nThis update also fixes the following bugs:\n\n* Non-standard usage of the functions write_seqcount_{begin,end}() were\nused in NFSv4, which caused the realtime code to try to sleep while locks\nwere held and produced the \"scheduling while atomic\" messages. The code was\nmodified to use the functions __write_seqcount_{begin,end}() that do not\nhold any locks removing the message and allowing correct execution.\n(BZ#1225642)\n\n* Dracut in Red Hat Enterprise Linux 6 has a dependency on a module called\nscsi_wait_scan that no longer exists on 3.x kernels. This caused the system\nto display misleading messages at start-up when the obsoleted\nscsi_wait_scan module was not found. To address this issue, MRG Realtime\nprovides a dummy scsi_wait_scan module so that the requirements for the\ninitramfs created by dracut are met and the boot messages are no longer\ndisplayed. (BZ#1230403)\n\nAll kernel-rt users are advised to upgrade to these updated packages, which\ncorrect these issues and add these enhancements. The system must be\nrebooted for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1564",
        "url": "https://access.redhat.com/errata/RHSA-2015:1564"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1203712",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
      },
      {
        "category": "external",
        "summary": "1208684",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684"
      },
      {
        "category": "external",
        "summary": "1218074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
      },
      {
        "category": "external",
        "summary": "1230403",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1230403"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2015/rhsa-2015_1564.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update",
    "tracking": {
      "current_release_date": "2024-09-13T10:37:45+00:00",
      "generator": {
        "date": "2024-09-13T10:37:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2015:1564",
      "initial_release_date": "2015-08-05T18:49:07+00:00",
      "revision_history": [
        {
          "date": "2015-08-05T18:49:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2015-08-05T18:49:08+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T10:37:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                "product": {
                  "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                  "product_id": "6Server-MRG-Realtime-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise MRG for RHEL-6"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-229.rt56.158.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
                "product": {
                  "name": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
                  "product_id": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-229.rt56.158.el6rt?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
                  "product_id": "kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-229.rt56.158.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
                  "product_id": "kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-229.rt56.158.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src"
        },
        "product_reference": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch"
        },
        "product_reference": "kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch"
        },
        "product_reference": "kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Nathan Hoad"
          ]
        }
      ],
      "cve": "CVE-2014-9715",
      "cwe": {
        "id": "CWE-841",
        "name": "Improper Enforcement of Behavioral Workflow"
      },
      "discovery_date": "2014-05-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1208684"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An integer overflow flaw was found in the way the Linux kernel\u0027s netfilter connection tracking implementation loaded extensions. An attacker on a local network could potentially send a sequence of specially crafted packets that would initiate the loading of a large number of extensions, causing the targeted system in that network to crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: netfilter connection tracking extensions denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.\n\nFor additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-9715"
        },
        {
          "category": "external",
          "summary": "RHBZ#1208684",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-9715",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-9715"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-9715",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9715"
        }
      ],
      "release_date": "2015-04-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1564"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 5.7,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: netfilter connection tracking extensions denial of service"
    },
    {
      "cve": "CVE-2015-2922",
      "cwe": {
        "id": "CWE-454",
        "name": "External Initialization of Trusted Variables or Data Stores"
      },
      "discovery_date": "2015-03-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203712"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the Linux kernel\u0027s TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 may\naddress this issue.\n\nRed Hat Enterprise Linux 5 is now in Production 3 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-2922"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203712",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-2922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-2922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-2922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2922"
        }
      ],
      "release_date": "2015-03-24T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1564"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements."
    },
    {
      "cve": "CVE-2015-3636",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2015-05-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1218074"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the Linux kernel\u0027s ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ping sockets: use-after-free leading to local privilege escalation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases will address this issue.\n\nPlease note that on x86-64 architecture systems the impact is limited to local Denial of Service and that the ping sockets functionality is disabled by default (net.ipv4.ping_group_range sysctl is \"1\t0\").",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3636"
        },
        {
          "category": "external",
          "summary": "RHBZ#1218074",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3636"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3636",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3636"
        }
      ],
      "release_date": "2015-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1564"
        },
        {
          "category": "workaround",
          "details": "You can check whether ping socket functionality is enabled by examining the net.ipv4.ping_group_range sysctl value:\n\n~]# sysctl net.ipv4.ping_group_range\nnet.ipv4.ping_group_range = 1\t0\n\n\"1 0\" is the default value and disables the ping socket functionality even for root user. Any other value means that the ping socket functionality might be enabled for certain users on the system.\n\nTo mitigate this vulnerability make sure that you either allow the functionality to trusted local users (groups) only or set the net.ipv4.ping_group_range sysctl to the default and disabled state:\n\n~]# sysctl net.ipv4.ping_group_range=\"1 0\"\n\nPlease note that this might prevent some programs relying on this functionality from functioning properly.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.4,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-229.rt56.158.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-229.rt56.158.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-229.rt56.158.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: ping sockets: use-after-free leading to local privilege escalation"
    }
  ]
}

cve-2014-9715

Vulnerability from cvelistv5

Published

2015-05-27 10:00

Modified

2024-08-06 13:55

Severity

Summary

include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.

References

URL	Tags
http://www.securityfocus.com/bid/73953	vdb-entry, x_refsource_BID
https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279	x_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5	x_refsource_CONFIRM
http://marc.info/?l=netfilter-devel&m=140112364215200&w=2	mailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2015/04/08/1	mailing-list, x_refsource_MLIST
http://www.debian.org/security/2015/dsa-3237	vendor-advisory, x_refsource_DEBIAN
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279	x_refsource_CONFIRM
http://www.securitytracker.com/id/1032415	vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2015-1534.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1564.html	vendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1208684	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:55:04.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "73953",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73953"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5"
          },
          {
            "name": "[netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=netfilter-devel\u0026m=140112364215200\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "[oss-security] 20150407 CVE request netfilter connection tracking accounting.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/08/1"
          },
          {
            "name": "DSA-3237",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279"
          },
          {
            "name": "1032415",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032415"
          },
          {
            "name": "RHSA-2015:1534",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
          },
          {
            "name": "RHSA-2015:1564",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "73953",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73953"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5"
        },
        {
          "name": "[netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=netfilter-devel\u0026m=140112364215200\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "[oss-security] 20150407 CVE request netfilter connection tracking accounting.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/08/1"
        },
        {
          "name": "DSA-3237",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=223b02d923ecd7c84cf9780bb3686f455d279279"
        },
        {
          "name": "1032415",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032415"
        },
        {
          "name": "RHSA-2015:1534",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
        },
        {
          "name": "RHSA-2015:1564",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "73953",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73953"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/223b02d923ecd7c84cf9780bb3686f455d279279"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.5"
            },
            {
              "name": "[netfilter-devel] 20140526 OOPS NULL pointer dereference in nf_nat_setup_info+0x471 (reproductible, 3.14.4)",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=netfilter-devel\u0026m=140112364215200\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "[oss-security] 20150407 CVE request netfilter connection tracking accounting.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/08/1"
            },
            {
              "name": "DSA-3237",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3237"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=223b02d923ecd7c84cf9780bb3686f455d279279"
            },
            {
              "name": "1032415",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032415"
            },
            {
              "name": "RHSA-2015:1534",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
            },
            {
              "name": "RHSA-2015:1564",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1208684"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9715",
    "datePublished": "2015-05-27T10:00:00",
    "dateReserved": "2015-04-08T00:00:00",
    "dateUpdated": "2024-08-06T13:55:04.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-3636

Vulnerability from cvelistv5

Published

2015-08-06 01:00

Modified

2024-08-06 05:47

Severity

Summary

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

References

URL	Tags
http://www.debian.org/security/2015/dsa-3290	vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-2631-1	vendor-advisory, x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2634-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-2632-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html	vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html	vendor-advisory, x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2015/05/02/5	mailing-list, x_refsource_MLIST
http://www.securitytracker.com/id/1033186	vdb-entry, x_refsource_SECTRACK
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html	vendor-advisory, x_refsource_FEDORA
http://rhn.redhat.com/errata/RHSA-2015-1643.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html	vendor-advisory, x_refsource_SUSE
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1218074	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1583.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1534.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1564.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html	vendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html	vendor-advisory, x_refsource_SUSE
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1221.html	vendor-advisory, x_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html	vendor-advisory, x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-2633-1	vendor-advisory, x_refsource_UBUNTU
http://www.securityfocus.com/bid/74450	vdb-entry, x_refsource_BID

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.772Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3290",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3290"
          },
          {
            "name": "USN-2631-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2631-1"
          },
          {
            "name": "USN-2634-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2634-1"
          },
          {
            "name": "SUSE-SU-2015:1491",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
          },
          {
            "name": "SUSE-SU-2015:1489",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
          },
          {
            "name": "USN-2632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2632-1"
          },
          {
            "name": "SUSE-SU-2015:1488",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
          },
          {
            "name": "FEDORA-2015-8518",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
          },
          {
            "name": "[oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/05/02/5"
          },
          {
            "name": "1033186",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
          },
          {
            "name": "FEDORA-2015-7736",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
          },
          {
            "name": "RHSA-2015:1643",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
          },
          {
            "name": "openSUSE-SU-2015:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
          },
          {
            "name": "SUSE-SU-2015:1478",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
          },
          {
            "name": "RHSA-2015:1583",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
          },
          {
            "name": "RHSA-2015:1534",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
          },
          {
            "name": "RHSA-2015:1564",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
          },
          {
            "name": "SUSE-SU-2015:1224",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
          },
          {
            "name": "SUSE-SU-2015:1487",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
          },
          {
            "name": "RHSA-2015:1221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
          },
          {
            "name": "FEDORA-2015-7784",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
          },
          {
            "name": "USN-2633-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2633-1"
          },
          {
            "name": "74450",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3290",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3290"
        },
        {
          "name": "USN-2631-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2631-1"
        },
        {
          "name": "USN-2634-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2634-1"
        },
        {
          "name": "SUSE-SU-2015:1491",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
        },
        {
          "name": "SUSE-SU-2015:1489",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
        },
        {
          "name": "USN-2632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2632-1"
        },
        {
          "name": "SUSE-SU-2015:1488",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
        },
        {
          "name": "FEDORA-2015-8518",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
        },
        {
          "name": "[oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/05/02/5"
        },
        {
          "name": "1033186",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
        },
        {
          "name": "FEDORA-2015-7736",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
        },
        {
          "name": "RHSA-2015:1643",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
        },
        {
          "name": "openSUSE-SU-2015:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
        },
        {
          "name": "SUSE-SU-2015:1478",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
        },
        {
          "name": "RHSA-2015:1583",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
        },
        {
          "name": "RHSA-2015:1534",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
        },
        {
          "name": "RHSA-2015:1564",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
        },
        {
          "name": "SUSE-SU-2015:1224",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
        },
        {
          "name": "SUSE-SU-2015:1487",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
        },
        {
          "name": "RHSA-2015:1221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
        },
        {
          "name": "FEDORA-2015-7784",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
        },
        {
          "name": "USN-2633-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2633-1"
        },
        {
          "name": "74450",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74450"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3636",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3290",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3290"
            },
            {
              "name": "USN-2631-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2631-1"
            },
            {
              "name": "USN-2634-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2634-1"
            },
            {
              "name": "SUSE-SU-2015:1491",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html"
            },
            {
              "name": "SUSE-SU-2015:1489",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
            },
            {
              "name": "USN-2632-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2632-1"
            },
            {
              "name": "SUSE-SU-2015:1488",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
            },
            {
              "name": "FEDORA-2015-8518",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html"
            },
            {
              "name": "[oss-security] 20150502 CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/05/02/5"
            },
            {
              "name": "1033186",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033186"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326"
            },
            {
              "name": "FEDORA-2015-7736",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html"
            },
            {
              "name": "RHSA-2015:1643",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1643.html"
            },
            {
              "name": "openSUSE-SU-2015:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218074"
            },
            {
              "name": "SUSE-SU-2015:1478",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
            },
            {
              "name": "RHSA-2015:1583",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1583.html"
            },
            {
              "name": "RHSA-2015:1534",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
            },
            {
              "name": "RHSA-2015:1564",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
            },
            {
              "name": "SUSE-SU-2015:1224",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
            },
            {
              "name": "SUSE-SU-2015:1487",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326"
            },
            {
              "name": "RHSA-2015:1221",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
            },
            {
              "name": "FEDORA-2015-7784",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html"
            },
            {
              "name": "USN-2633-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2633-1"
            },
            {
              "name": "74450",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74450"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3636",
    "datePublished": "2015-08-06T01:00:00",
    "dateReserved": "2015-05-02T00:00:00",
    "dateUpdated": "2024-08-06T05:47:57.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-2922

Vulnerability from cvelistv5

Published

2015-05-27 10:00

Modified

2024-08-06 05:32

Severity

Summary

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

References

URL	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html	vendor-advisory, x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html	vendor-advisory, x_refsource_FEDORA
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3237	vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html	vendor-advisory, x_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html	vendor-advisory, x_refsource_FEDORA
http://www.securitytracker.com/id/1032417	vdb-entry, x_refsource_SECTRACK
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html	vendor-advisory, x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2015/04/04/2	mailing-list, x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1203712	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1534.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1564.html	vendor-advisory, x_refsource_REDHAT
https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html	vendor-advisory, x_refsource_SUSE
http://www.securityfocus.com/bid/74315	vdb-entry, x_refsource_BID
http://rhn.redhat.com/errata/RHSA-2015-1221.html	vendor-advisory, x_refsource_REDHAT
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html	x_refsource_CONFIRM

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2015-6100",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
          },
          {
            "name": "FEDORA-2015-6294",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
          },
          {
            "name": "DSA-3237",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3237"
          },
          {
            "name": "openSUSE-SU-2015:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
          },
          {
            "name": "FEDORA-2015-6320",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
          },
          {
            "name": "1032417",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032417"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
          },
          {
            "name": "SUSE-SU-2015:1478",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
          },
          {
            "name": "[oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
          },
          {
            "name": "RHSA-2015:1534",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
          },
          {
            "name": "RHSA-2015:1564",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
          },
          {
            "name": "SUSE-SU-2015:1224",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
          },
          {
            "name": "74315",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74315"
          },
          {
            "name": "RHSA-2015:1221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "FEDORA-2015-6100",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
        },
        {
          "name": "FEDORA-2015-6294",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
        },
        {
          "name": "DSA-3237",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3237"
        },
        {
          "name": "openSUSE-SU-2015:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
        },
        {
          "name": "FEDORA-2015-6320",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
        },
        {
          "name": "1032417",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032417"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
        },
        {
          "name": "SUSE-SU-2015:1478",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
        },
        {
          "name": "[oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
        },
        {
          "name": "RHSA-2015:1534",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
        },
        {
          "name": "RHSA-2015:1564",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
        },
        {
          "name": "SUSE-SU-2015:1224",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
        },
        {
          "name": "74315",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74315"
        },
        {
          "name": "RHSA-2015:1221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2922",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2015-6100",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html"
            },
            {
              "name": "FEDORA-2015-6294",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
            },
            {
              "name": "DSA-3237",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3237"
            },
            {
              "name": "openSUSE-SU-2015:1382",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
            },
            {
              "name": "FEDORA-2015-6320",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html"
            },
            {
              "name": "1032417",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032417"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6"
            },
            {
              "name": "SUSE-SU-2015:1478",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
            },
            {
              "name": "[oss-security] 20150404 Re: CVE Request : IPv6 Hop limit lowering via RA messages",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/04/2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203712"
            },
            {
              "name": "RHSA-2015:1534",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"
            },
            {
              "name": "RHSA-2015:1564",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1564.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a"
            },
            {
              "name": "SUSE-SU-2015:1224",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
            },
            {
              "name": "74315",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74315"
            },
            {
              "name": "RHSA-2015:1221",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"
            },
            {
              "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fd99094de2b83d1d4c8457f2c83483b2828e75a",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fd99094de2b83d1d4c8457f2c83483b2828e75a"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2922",
    "datePublished": "2015-05-27T10:00:00",
    "dateReserved": "2015-04-04T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2015_1564

Vulnerability from csaf_redhat

cve-2014-9715

Vulnerability from cvelistv5

cve-2015-3636

Vulnerability from cvelistv5

cve-2015-2922

Vulnerability from cvelistv5

Tags