Published: 31/08/2015 Updated: 21/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 642

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel prior to 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 3.6
linux linux kernel

Several security issues were fixed in the kernel ...

Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsic in the Linux kernel before 40 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call NOTE: the affected function was renamed to vhost_scsi_make_tpg before the ...

CWE-119 https://github.com/torvalds/linux/commit/59c816c1f24df0204e01851431d3bab3eb76719c http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c http://www.openwall.com/lists/oss-security/2015/05/13/4 https://bugzilla.redhat.com/show_bug.cgi?id=1189864 http://www.securityfocus.com/bid/74664 http://www.ubuntu.com/usn/USN-2634-1 http://www.ubuntu.com/usn/USN-2633-1 http://www.securitytracker.com/id/1033729 http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html https://nvd.nist.gov https://usn.ubuntu.com/2565-1/https://access.redhat.com/security/cve/cve-2015-4036

CVE-2015-4036

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect