CVE-2015-4036

Published Aug 31, 2015

Last updated a year ago

CVSS info 7.2

Overview

Description: Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3255027-0A48-43E5-9E50-89A18E256E98",
            "versionEndExcluding": "3.10.90",
            "versionStartExcluding": "3.6"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D0C4C2A-444F-4959-BBA9-AEBD29C2CA7E",
            "versionEndExcluding": "3.12.44",
            "versionStartIncluding": "3.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A11EA50-ADF8-4F55-975C-C7DB23C9B455",
            "versionEndExcluding": "3.14.57",
            "versionStartIncluding": "3.13"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08",
            "versionEndExcluding": "3.16.35",
            "versionStartIncluding": "3.15"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CE06EBF-9588-4C87-A85F-8224C668D218",
            "versionEndExcluding": "3.18.25",
            "versionStartIncluding": "3.17"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A7FC79A-26B7-4E34-BB99-D25E74514239",
            "versionEndExcluding": "4.0",
            "versionStartIncluding": "3.19"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7D72FF4-3906-4585-B39A-A9B194F53204"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61B347F1-DB7C-4078-AED9-BF4906F0DEB7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0FCBD80-8462-4642-B2F0-54896776CF07"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "42F72762-D825-4B81-93BB-5B7F54313F46"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41FDE042-F389-4580-BEBB-EBAB4F562477"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "329C7DD0-9CEA-4D15-B0FE-B3565EE53A63"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.6:rc7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6067C5D-29B3-4EE2-BDCA-3F204F25F1C0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References