CVE-2015-3636

Published: 06/08/2015 Updated: 22/04/2019
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The ping_unhash function in net/ipv4/ping.c in the Linux kernel prior to 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

Vulnerable Product

linux linux kernel

redhat enterprise linux 6.0

debian debian linux 7.0

canonical ubuntu linux 12.04

Vendor Advisories

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security ass ...
Several security issues were fixed in the kernel ...
It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to cr ...

Github Repositories

Automatic Exploit Generation Paper

Recent Papers Related To Automatic Exploit Generation. Remark: This website is only used for collecting and grouping the related papers. If any paper needs to be updated, you can contribute a PR. All Papers (Classification according to Publication): Survey/Review: Research Progress on Automatic Exploitation of Software Vulnerabilities; A Survey of Crash Exploitability Analysis Methods; The Coming Era of AlphaHacking

References

NVD-CWE-Other
http://www.openwall.com/lists/oss-security/2015/05/02/5
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.3
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326
https://bugzilla.redhat.com/show_bug.cgi?id=1218074
https://github.com/torvalds/linux/commit/a134f083e79fb4c3d0a925691e732c56911b4326
http://www.debian.org/security/2015/dsa-3290
http://rhn.redhat.com/errata/RHSA-2015-1564.html
http://www.ubuntu.com/usn/USN-2631-1
http://www.ubuntu.com/usn/USN-2632-1
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/74450
http://www.ubuntu.com/usn/USN-2634-1
http://www.ubuntu.com/usn/USN-2633-1
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157897.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157788.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158804.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
http://www.securitytracker.com/id/1033186
http://rhn.redhat.com/errata/RHSA-2015-1643.html
http://rhn.redhat.com/errata/RHSA-2015-1583.html
http://rhn.redhat.com/errata/RHSA-2015-1534.html
http://rhn.redhat.com/errata/RHSA-2015-1221.html
https://nvd.nist.gov
https://github.com/hjyuan/AEGPaper
https://alas.aws.amazon.com/ALAS-2015-523.html
https://access.redhat.com/security/cve/cve-2015-3636
https://usn.ubuntu.com/2636-1/