1. Home
  2. Vulnerabilities
  3. CVE-2015-8543

CVE-2015-8543

CVSS v3.1 7 (High)
70% Progress
CVSS v2.0 6.9 (Medium)
69% Progress
EPSS 0.04 % (11th)
0.04% Progress
Affected Products 1
Advisories 25
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Weaknesses
CWE-NVD-Other
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2015-12-28 11:59:06
(8 years ago)
Updated Date
2023-06-07 12:47:10
(15 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 3.2.75 version cpe:2.3:o:linux:linux_kernel < 3.2.75
  Linux Kernel from 3.3 version and prior 3.4.111 version cpe:2.3:o:linux:linux_kernel >= 3.3 < 3.4.111
  Linux Kernel from 3.5 version and prior 3.10.95 version cpe:2.3:o:linux:linux_kernel >= 3.5 < 3.10.95
  Linux Kernel from 3.11 version and prior 3.12.52 version cpe:2.3:o:linux:linux_kernel >= 3.11 < 3.12.52
  Linux Kernel from 3.13 version and prior 3.14.59 version cpe:2.3:o:linux:linux_kernel >= 3.13 < 3.14.59
  Linux Kernel from 3.15 version and prior 3.16.35 version cpe:2.3:o:linux:linux_kernel >= 3.15 < 3.16.35
  Linux Kernel from 3.17 version and prior 3.18.26 version cpe:2.3:o:linux:linux_kernel >= 3.17 < 3.18.26
  Linux Kernel from 3.19 version and prior 4.1.16 version cpe:2.3:o:linux:linux_kernel >= 3.19 < 4.1.16
  Linux Kernel from 4.2 version and prior 4.3.4 version cpe:2.3:o:linux:linux_kernel >= 4.2 < 4.3.4