CVE-2015-2830

CVE Details

Release Date:	2015-04-01
Impact:	Low	What is this?

Description

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does notprevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.

See more information about CVE-2015-2830 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	1.9
Vector String:	AV:L/AC:M/Au:N/C:N/I:P/A:N
Version:	2.0
Attack Vector:	Local
Attack Complexity:	Medium
Authentication:	None
Confidentiality Impact:	None
Integrity Impact:	Partial
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3046	2015-06-24
Oracle Linux version 5 (kernel-uek)	ELSA-2015-3047	2015-06-24
Oracle Linux version 5 (mlnx_en-2.6.32-400.37.6.el5uek)	ELSA-2015-3047	2015-06-24
Oracle Linux version 5 (ofa-2.6.32-400.37.6.el5uek)	ELSA-2015-3047	2015-06-24
Oracle Linux version 6 (dtrace-modules-3.8.13-68.3.3.el6uek)	ELSA-2015-3045	2015-06-24
Oracle Linux version 6 (kernel)	ELSA-2015-1221	2015-07-14
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3045	2015-06-24
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3046	2015-06-24
Oracle Linux version 6 (kernel-uek)	ELSA-2015-3047	2015-06-24
Oracle Linux version 6 (mlnx_en-2.6.32-400.37.6.el6uek)	ELSA-2015-3047	2015-06-24
Oracle Linux version 6 (ofa-2.6.32-400.37.6.el6uek)	ELSA-2015-3047	2015-06-24
Oracle Linux version 7 (dtrace-modules-3.8.13-68.3.3.el7uek)	ELSA-2015-3045	2015-06-24
Oracle Linux version 7 (kernel)	ELSA-2015-1137	2015-06-23
Oracle Linux version 7 (kernel-uek)	ELSA-2015-3045	2015-06-24
Oracle VM version 3.2 (kernel-uek)	OVMSA-2016-0037	2016-03-16
Oracle VM version 3.3 (kernel-uek)	OVMSA-2015-0072	2015-06-24