Vulnerability Details : CVE-2015-5156
The virtnet_probe function in drivers/net/virtio_net.c in the Linux kernel before 4.2 attempts to support a FRAGLIST feature without proper memory allocation, which allows guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-5156
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 %
CVSS scores for CVE-2015-5156
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.1 | MEDIUM | AV:A/AC:L/Au:N/C:N/I:N/A:C | 6.5 | 6.9 | NIST |
CWE ids for CVE-2015-5156
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5156
- http://www.debian.org/security/2015/dsa-3364
  Debian -- Security Information -- DSA-3364-1 linux
- http://rhn.redhat.com/errata/RHSA-2015-1978.html
  RHSA-2015:1978 - Security Advisory - Red Hat Customer Portal
- http://www.securityfocus.com/bid/76230
  Linux Kernel 'virtio-net' Fragmented Packets Handling Buffer Overflow Vulnerability
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169378.html
  [SECURITY] Fedora 22 Update: kernel-4.2.3-200.fc22
- http://www.securitytracker.com/id/1034045
  Linux Kernel Buffer Overflow in virtio-net GRO Fragmentation Processing Lets Remote Users Cause the Target System to Crash or Potentially Execute Arbitrary Code - SecurityTracker
- http://www.ubuntu.com/usn/USN-2777-1
  USN-2777-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-2774-1
  USN-2774-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-2773-1
  USN-2773-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  Oracle Linux Bulletin - October 2015
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
  Oracle Linux Bulletin - April 2016
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  Oracle Linux Bulletin - January 2016
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39
  kernel/git/torvalds/linux.git - Linux kernel source tree
- https://bugzilla.redhat.com/show_bug.cgi?id=1243852
  1243852 – (CVE-2015-5156) CVE-2015-5156 kernel: buffer overflow with fraglist larger than MAX_SKB_FRAGS + 2 in virtio-net
- http://rhn.redhat.com/errata/RHSA-2016-0855.html
  RHSA-2016:0855 - Security Advisory - Red Hat Customer Portal
- https://github.com/torvalds/linux/commit/48900cb6af4282fa0fb6ff4d72a81aa3dadb5c39
  virtio-net: drop NETIF_F_FRAGLIST · torvalds/linux@48900cb · GitHub
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
  [security-announce] SUSE-SU-2015:2292-1: important: Security update for
- http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
  [security-announce] SUSE-SU-2015:1727-1: important: Security update for
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171454.html
  [SECURITY] Fedora 21 Update: kernel-4.1.12-101.fc21
Products affected by CVE-2015-5156
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*