Published: 28/12/2015 Updated: 17/10/2018

CVSS v2 Base Score: 5.9 | Impact Score: 8.5 | Exploitability Score: 3.4

CVSS v3 Base Score: 5.8 | Impact Score: 4.7 | Exploitability Score: 1

VMScore: 525

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:C

Subscribe to Linux

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel prior to 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

Several security issues were fixed in the kernel ...

A denial of service flaw was discovered in the Linux kernel, where a race condition caused a NULL pointer dereference in the RDS socket-creation code A local attacker could use this flaw to create a situation in which a NULL pointer crashed the kernel ...

CWE-362 https://lkml.org/lkml/2015/10/16/530 https://bugzilla.redhat.com/show_bug.cgi?id=1276437 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c7188b23474cca017b3ef354c4a58456f68303a http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3 https://bugzilla.suse.com/show_bug.cgi?id=952384 https://github.com/torvalds/linux/commit/8c7188b23474cca017b3ef354c4a58456f68303a http://www.openwall.com/lists/oss-security/2015/10/27/5 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://www.securityfocus.com/bid/77340 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html http://www.ubuntu.com/usn/USN-2889-1 http://www.ubuntu.com/usn/USN-2890-1 http://www.ubuntu.com/usn/USN-2890-3 http://www.ubuntu.com/usn/USN-2887-2 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html http://www.ubuntu.com/usn/USN-2888-1 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html http://www.ubuntu.com/usn/USN-2889-2 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html http://www.ubuntu.com/usn/USN-2890-2 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html http://www.ubuntu.com/usn/USN-2887-1 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html http://www.ubuntu.com/usn/USN-2886-1 http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://www.debian.org/security/2015/dsa-3396 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html http://www.securitytracker.com/id/1034453 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://nvd.nist.gov https://usn.ubuntu.com/2886-1/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook