CVE-2015-7613

Published Oct 19, 2015

Last updated 4 months ago

Overview

Description: Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE120905-B567-4C6A-B5FB-D67BD7F739FC",
            "versionEndExcluding": "3.2.72"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCA33A60-D0CC-4CB7-80EC-23170FAC9A74",
            "versionEndExcluding": "3.4.111",
            "versionStartIncluding": "3.3"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8B1C5C6-5CD1-49CF-8D7E-35F0C521C7B0",
            "versionEndExcluding": "3.10.91",
            "versionStartIncluding": "3.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7FD7C23-B43B-4926-8308-E2C6CD3BFA1F",
            "versionEndExcluding": "3.12.50",
            "versionStartIncluding": "3.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8E1FD15-2457-4F3A-8646-72F09023DC8E",
            "versionEndExcluding": "3.14.55",
            "versionStartIncluding": "3.13"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08",
            "versionEndExcluding": "3.16.35",
            "versionStartIncluding": "3.15"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7043CE62-482A-4B0E-8EE0-6BD0414183E4",
            "versionEndExcluding": "3.18.23",
            "versionStartIncluding": "3.17"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06F92550-FE49-41E4-AD36-3231D9425CFF",
            "versionEndExcluding": "4.1.11",
            "versionStartIncluding": "3.19"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A544034C-A7B8-4387-9EC2-E9AD5D6C0163",
            "versionEndExcluding": "4.2.4",
            "versionStartIncluding": "4.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References