
CVE-2015-3332

Published: 27/05/2015 Updated: 11/04/2016
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

A certain backport in the TCP Fast Open implementation for the Linux kernel prior to 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x up to and including 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.

Vulnerable Product

debian debian linux

linux linux kernel

Vendor Advisories

Debian Bug report logs - #782515 [regression] BUG in process context when using TCP Fast Open (CVE-2015-2015-3332) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Antti Salmela <asalmela@iki.fi> Date: Mon, 13 Apr 2015 14:48:02 UTC Severity: important ...
Debian Bug report logs - #782561 Buffer overruns in Linux kernel RFC4106 implementation using AESNI (CVE-2015-3331) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Romain Francoise <rfrancoise@debian.org> Date: Tue, 14 Apr 2015 08:57:02 UTC Severity: n ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2014-8159: It was found that the Linux kernel's InfiniBand/RDMA subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API ...
The system could be made to crash under certain conditions ...
Several security issues were fixed in the kernel ...
A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel buil ...