Vulnerability Details: CVE-2015-3332
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.
Vulnerability category: Denial of service
Products affected by CVE-2015-3332
- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-3332
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-3332
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
CWE ids for CVE-2015-3332
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3332
- http://www.openwall.com/lists/oss-security/2015/04/14/14
  oss-security - TCP Fast Open local DoS in some Linux stable branches
- https://bugs.debian.org/782515
  #782515 - [regression] BUG in process context when using TCP Fast Open (CVE-2015-2015-3332) - Debian Bug report logs
- http://article.gmane.org/gmane.linux.network/359588
- http://www.debian.org/security/2015/dsa-3237
  Debian -- Security Information -- DSA-3237-1 linux
- https://bugzilla.redhat.com/show_bug.cgi?id=1213951
  1213951 – (CVE-2015-3332) CVE-2015-3332 kernel: TCP Fast Open local DoS