Published: 16/03/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The stack randomization feature in the Linux kernel prior to 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for malicious users to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation CVE-2013-7421 / CVE-2014-9644 It was discovered that the Crypto API allowed unprivileged users to load arbitrary kernel modules A local user can use this flaw to exploit vulnerabilities ...

Several security issues were fixed in the kernel ...

It was reported that stack address is not properly randomized on some 64 bit architectures due to an integer overflow The stack entropy of the processes is reduced by four ...

CWE-264 http://www.openwall.com/lists/oss-security/2015/02/13/13 https://lkml.org/lkml/2015/1/7/811 https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 https://bugzilla.redhat.com/show_bug.cgi?id=1192519 http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 http://hmarco.org/bugs/linux-ASLR-integer-overflow.html http://www.debian.org/security/2015/dsa-3170 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://www.securityfocus.com/bid/72607 http://www.ubuntu.com/usn/USN-2565-1 http://www.ubuntu.com/usn/USN-2564-1 http://www.ubuntu.com/usn/USN-2563-1 http://www.ubuntu.com/usn/USN-2562-1 http://www.ubuntu.com/usn/USN-2561-1 http://www.ubuntu.com/usn/USN-2560-1 http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2015-1221.html http://rhn.redhat.com/errata/RHSA-2015-1138.html http://rhn.redhat.com/errata/RHSA-2015-1137.html https://access.redhat.com/errata/RHSA-2019:3517 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 https://access.redhat.com/errata/RHSA-2019:3517 https://nvd.nist.gov https://usn.ubuntu.com/2565-1/https://www.debian.org/security/./dsa-3170

CVE-2015-1593

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect