Vulnerability Details : CVE-2015-8787
The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2015-8787
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8787
- EPSS score: 9.16% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 92 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-8787
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2015-8787
- The product dereferences a pointer that it expects to be valid but is NULL.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8787
- http://www.ubuntu.com/usn/USN-2889-2
  USN-2889-2: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-2890-3
  USN-2890-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
  Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1300731
  1300731 – (CVE-2015-8787) CVE-2015-8787 kernel: Missing NULL pointer check in nf_nat_redirect_ipv4
  Issue Tracking
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
  Oracle VM Server for x86 Bulletin - October 2016
  Third Party Advisory
- https://github.com/torvalds/linux/commit/94f9cd81436c85d8c3a318ba92e236ede73752fc
  netfilter: nf_nat_redirect: add missing NULL pointer check · torvalds/linux@94f9cd8 · GitHub
  Issue Tracking; Patch; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
  [security-announce] openSUSE-SU-2016:1008-1: important: Security update
  Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html
  [SECURITY] Fedora 23 Update: kernel-4.3.4-300.fc23
  Third Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
  [SECURITY] Fedora 22 Update: kernel-4.3.4-200.fc22
  Third Party Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f9cd81436c85d8c3a318ba92e236ede73752fc
  kernel/git/torvalds/linux.git - Linux kernel source tree
  Issue Tracking; Patch; Vendor Advisory
- http://www.ubuntu.com/usn/USN-2889-1
  USN-2889-1: Linux kernel vulnerabilities | Ubuntu security notices
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-2890-1
  USN-2890-1: Linux kernel vulnerabilities | Ubuntu security notices
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-2890-2
  USN-2890-2: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security notices
  Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/01/27/6
  oss-security - CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function
  Mailing List
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  Oracle Linux Bulletin - July 2016
  Third Party Advisory