CVE-2015-7613 : Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges

Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.

Published 2015-10-19 10:59:08

Updated 2016-12-08 03:13:58

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2015-7613

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-7613

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-7613

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-7613

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html

[security-announce] SUSE-SU-2015:2087-1: important: Security update for

CVEs referencing this url
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf

kernel/git/torvalds/linux.git - Linux kernel source tree
http://www.openwall.com/lists/oss-security/2015/10/01/8

oss-security - CVE Request: Unauthorized access to IPC objects with SysV shm
Exploit
http://www.ubuntu.com/usn/USN-2764-1

USN-2764-1: Linux kernel (Utopic HWE) vulnerability | Ubuntu security notices
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html

[security-announce] SUSE-SU-2015:2089-1: important: Security update for

CVEs referencing this url
https://github.com/torvalds/linux/commit/b9a532277938798b53178d5a66af6e2915cb27cf

Initialize msg/shm IPC objects before doing ipc_addid() · torvalds/linux@b9a5322 · GitHub
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html

[security-announce] SUSE-SU-2015:2091-1: important: Security update for

CVEs referencing this url
http://www.securityfocus.com/bid/76977

Linux Kernel 'ipc_addid()' Function Local Memory Corruption Vulnerability
http://www.ubuntu.com/usn/USN-2762-1

USN-2762-1: Linux kernel vulnerability | Ubuntu security notices
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html

[security-announce] SUSE-SU-2015:2084-1: important: Security update for

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2761-1

USN-2761-1: Linux kernel vulnerability | Ubuntu security notices
https://kc.mcafee.com/corporate/index?page=content&id=SB10146

McAfee Security Bulletin: Network Security Appliance software update fixes a vulnerability in the IPC object implementation within the Linux kernel
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html

[security-announce] SUSE-SU-2015:2086-1: important: Security update for

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2765-1

USN-2765-1: Linux kernel (Vivid HWE) vulnerability | Ubuntu security notices
http://www.ubuntu.com/usn/USN-2792-1

USN-2792-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

Oracle Linux Bulletin - October 2015

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Oracle Linux Bulletin - January 2016

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2763-1

USN-2763-1: Linux kernel (Trusty HWE) vulnerability | Ubuntu security notices
http://www.securitytracker.com/id/1034094

Linux Kernel ipc_addid() Race Condition Lets Local Users Gain Elevated Privileges - SecurityTracker
http://www.securitytracker.com/id/1034592

Google Android Multiple Flaws Let Remote Users Execute Arbitrary Code and Applications Gain Elevated Privileges - SecurityTracker

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-2636.html

RHSA-2015:2636 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1268270

1268270 – (CVE-2015-7613) CVE-2015-7613 kernel: Unauthorized access to IPC objects with SysV shm
http://www.debian.org/security/2015/dsa-3372

Debian -- Security Information -- DSA-3372-1 linux

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html

[security-announce] SUSE-SU-2015:1727-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html

[security-announce] SUSE-SU-2015:2090-1: important: Security update for

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html

[security-announce] SUSE-SU-2015:2085-1: important: Security update for

CVEs referencing this url

Products affected by CVE-2015-7613

Linux » Linux Kernel
Versions up to, including, (<=) 4.2.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-7613

Exploit prediction scoring system (EPSS) score for CVE-2015-7613

CVSS scores for CVE-2015-7613

CWE ids for CVE-2015-7613

References for CVE-2015-7613

Products affected by CVE-2015-7613