Vulnerability Details : CVE-2015-5364
The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.
Vulnerability category: Denial of service
Products affected by CVE-2015-5364
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5364
23.62%: Probability of exploitation activity in the next 30 days
~ 96%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-5364
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2015-5364
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5364
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
  [security-announce] SUSE-SU-2015:1592-1: important: Security update for (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
  [security-announce] SUSE-SU-2015:1491-1: important: Live patch for the L (Mailing List; Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1239029
  1239029 – (CVE-2015-5364, CVE-2015-5366) CVE-2015-5366 CVE-2015-5364 kernel: net: incorrect processing of checksums in UDP implementation (Issue Tracking)
- http://www.securitytracker.com/id/1032794
  Linux Kernel UDP Processing Flaw Lets Remote Users Deny Service - SecurityTracker (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2015/dsa-3313
  Debian -- Security Information -- DSA-3313-1 linux (Third Party Advisory)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
  Juniper Networks - 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2016:1225
  RHSA-2016:1225 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0
  udp: fix behavior of wrong checksums · torvalds/linux@beb39db · GitHub (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
  [security-announce] SUSE-SU-2015:1611-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6
  (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2680-1
  USN-2680-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
  [security-announce] SUSE-SU-2015:1324-1: important: Security update for (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2683-1
  USN-2683-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0
  kernel/git/torvalds/linux.git - Linux kernel source tree (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
  [security-announce] openSUSE-SU-2015:1382-1: important: Security update (Mailing List; Third Party Advisory)
- http://www.debian.org/security/2015/dsa-3329
  Debian -- Security Information -- DSA-3329-1 linux (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
  [security-announce] SUSE-SU-2015:1224-1: important: Security update for (Mailing List; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1778.html
  RHSA-2015:1778 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  Oracle Linux Bulletin - October 2015 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1787.html
  RHSA-2015:1787 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
  [security-announce] SUSE-SU-2015:1489-1: important: Live patch for the L (Mailing List; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
  Oracle Linux Bulletin - January 2016 (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
  [security-announce] SUSE-SU-2015:1478-1: important: Security update for (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
  [security-announce] SUSE-SU-2015:1488-1: important: Live patch for the L (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2713-1
  USN-2713-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1100.html
  RHSA-2016:1100 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-1096.html
  RHSA-2016:1096 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2684-1
  USN-2684-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2681-1
  USN-2681-1: Linux kernel vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2714-1
  USN-2714-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1623.html
  RHSA-2015:1623 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-0045.html
  RHSA-2016:0045 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
  [security-announce] SUSE-SU-2015:1487-1: important: Live patch for the L (Mailing List; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-2682-1
  USN-2682-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://www.securityfocus.com/bid/75510
  Linux Kernel Multiple Remote Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html
  [security-announce] SUSE-SU-2015:1490-1: important: Live patch for the L (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2015/06/30/13
  oss-security - CVE Request: UDP checksum DoS (Mailing List; Third Party Advisory)
- https://twitter.com/grsecurity/status/605854034260426753
  Twitter / ? (Third Party Advisory)