Vulnerability Details : CVE-2015-8812
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2015-8812
- cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8812
4.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8812
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2015-8812
-
http://www.ubuntu.com/usn/USN-2948-1
USN-2948-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html
[security-announce] SUSE-SU-2016:1039-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
[security-announce] SUSE-SU-2016:0911-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
[security-announce] SUSE-SU-2016:1764-1: important: Security update forThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
[security-announce] SUSE-SU-2016:1102-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html
[security-announce] SUSE-SU-2016:1038-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html
[security-announce] SUSE-SU-2016:1033-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2946-1
USN-2946-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RHSA-2016:2574 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html
[security-announce] SUSE-SU-2016:1035-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
[security-announce] SUSE-SU-2016:2074-1: important: Security update forMailing List;Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3503
Debian -- Security Information -- DSA-3503-1 linuxThird Party Advisory
-
https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
iw_cxgb3: Fix incorrectly returning error on success · torvalds/linux@67f1aee · GitHubPatch;Vendor Advisory
-
http://www.ubuntu.com/usn/USN-2949-1
USN-2949-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
[security-announce] openSUSE-SU-2016:1008-1: important: Security updateMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2947-3
USN-2947-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2967-2
USN-2967-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2947-2
USN-2947-2: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html
[security-announce] SUSE-SU-2016:1032-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html
[security-announce] SUSE-SU-2016:1046-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2946-2
USN-2946-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2947-1
USN-2947-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html
[security-announce] SUSE-SU-2016:1037-1: important: Security update forMailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1303532
1303532 – (CVE-2015-8812) CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.Issue Tracking;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html
[security-announce] SUSE-SU-2016:1031-1: important: Security update forMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/02/11/1
oss-security - Linux kernel: Flaw in CXGB3 driver.Mailing List;Release Notes;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html
[security-announce] SUSE-SU-2016:1034-1: important: Security update forMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/83218
Linux Kernel CVE-2015-8812 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2016-2584.html
RHSA-2016:2584 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2948-2
USN-2948-2: Linux kernel (Utopic HWE) regression | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html
[security-announce] SUSE-SU-2016:1019-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2967-1
USN-2967-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html
[security-announce] SUSE-SU-2016:1041-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html
[security-announce] SUSE-SU-2016:1045-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html
[security-announce] SUSE-SU-2016:1040-1: important: Security update forMailing List;Third Party Advisory
Jump to