CVE-2015-3636
CVSS v2.0
4.9 (Medium)
EPSS
0.04 % (11th)
Affected Products
4
Advisories
36
The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2015-08-06 01:59:00
(9 years ago) - Updated Date
-
2019-04-22 17:48:00
(5 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...