Published: 08/02/2016 Updated: 14/05/2024

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

kernel/ptrace.c in the Linux kernel up to and including 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Debian Bug report logs - #808293 Regression in short UDP reads caused by "net: Fix skb csum races when peeking" Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Affects: freeradius Reported by: Francesco Politi <fpoliti@micsoit> Date: Fri, 18 Dec 2015 12:09:01 UTC ...

The Linux kernel before 441 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unixc and net/unix/garbagec (CVE-2013-4312) A race condition in the tty_ioctl function in drivers/tty/tty_ioc in the Linux ke ...

The system could be made to provide access outside of namespace sandbox ...

Several security issues were fixed in the kernel ...

CVE-2015-8709

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect