CVE-2015-8543

CVE Details

Release Date:	2015-12-09
Impact:	Moderate	What is this?

Description

The networking implementation in the Linux kernel through 4.3.3, asused in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

See more information about CVE-2015-8543 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v2 metrics

Base Score:	4.6
Vector String:	AV:L/AC:L/Au:S/C:N/I:N/A:C
Version:	2.0
Attack Vector:	Local
Attack Complexity:	Low
Authentication:	Single
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	Complete

Errata information

Platform	Errata	Release Date
Oracle Linux version 5 (kernel-uek)	ELSA-2016-3566	2016-05-20
Oracle Linux version 5 (kernel-uek)	ELSA-2016-3567	2016-05-20
Oracle Linux version 5 (mlnx_en-2.6.32-400.37.17.el5uek)	ELSA-2016-3567	2016-05-20
Oracle Linux version 5 (ofa-2.6.32-400.37.17.el5uek)	ELSA-2016-3567	2016-05-20
Oracle Linux version 6 (dtrace-modules-3.8.13-118.6.2.el6uek)	ELSA-2016-3565	2016-05-20
Oracle Linux version 6 (kernel)	ELSA-2016-0855	2016-05-16
Oracle Linux version 6 (kernel-uek)	ELSA-2016-3565	2016-05-20
Oracle Linux version 6 (kernel-uek)	ELSA-2016-3566	2016-05-20
Oracle Linux version 6 (kernel-uek)	ELSA-2016-3567	2016-05-20
Oracle Linux version 6 (mlnx_en-2.6.32-400.37.17.el6uek)	ELSA-2016-3567	2016-05-20
Oracle Linux version 6 (ofa-2.6.32-400.37.17.el6uek)	ELSA-2016-3567	2016-05-20
Oracle Linux version 7 (dtrace-modules-3.8.13-118.6.2.el7uek)	ELSA-2016-3565	2016-05-20
Oracle Linux version 7 (kernel)	ELSA-2016-2574	2016-11-09
Oracle Linux version 7 (kernel-uek)	ELSA-2016-3565	2016-05-20
Oracle VM version 3.3 (kernel-uek)	OVMSA-2016-0053	2016-05-20