Vulnerability Details : CVE-2015-1333
Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2015-1333
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Threat overview for CVE-2015-1333
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2015-1333: 32,505
- Threat actors abusing this issue? Yes
Source: attack surface intelligence from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-1333
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~8% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-1333
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
CWE ids for CVE-2015-1333
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1333
- http://www.ubuntu.com/usn/USN-2691-1
  USN-2691-1: Linux kernel vulnerabilities | Ubuntu security notices
- https://github.com/torvalds/linux/commit/ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0
  KEYS: ensure we free the assoc array edit if edit is valid · torvalds/linux@ca4da5d · GitHub
- http://www.ubuntu.com/usn/USN-2687-1
  USN-2687-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0
  kernel/git/torvalds/linux.git - Linux kernel source tree
- https://support.f5.com/csp/article/K05211147
- http://www.debian.org/security/2015/dsa-3329
  Debian -- Security Information -- DSA-3329-1 linux
- http://rhn.redhat.com/errata/RHSA-2015-1778.html
  RHSA-2015:1778 - Security Advisory - Red Hat Customer Portal
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  Oracle Linux Bulletin - October 2015
- http://rhn.redhat.com/errata/RHSA-2015-1787.html
  RHSA-2015:1787 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/USN-2689-1
  USN-2689-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4
  Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1245658
  1245658 – (CVE-2015-1333) CVE-2015-1333 kernel: denial of service due to memory leak in add_key()
- http://www.securityfocus.com/bid/76050
  Linux Kernel 'security/keys/keyring.c' Local Denial of Service Vulnerability
- http://www.openwall.com/lists/oss-security/2015/07/27/7
  oss-security - Security issue in Linux Kernel Keyring (CVE-2015-1333)
- http://www.ubuntu.com/usn/USN-2690-1
  USN-2690-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-2688-1
  USN-2688-1: Linux kernel vulnerabilities | Ubuntu security notices