CVE-2015-9004

CVSS v3.1 7.8 (High)

CVSS v2.0 9.3 (High)

EPSS 0.07 % (31^th)

Affected Products 2

Advisories 1

kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Android (associated with Google Inc. or Open Handset Alliance)
Published Date: 2017-05-02 21:59:00
(7 years ago)
Updated Date: 2023-01-19 16:07:57
(20 months ago)

Affected Products

Google

Android

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel prior 3.2.95 version	cpe:2.3:o:linux:linux_kernel		< 3.2.95
Linux Kernel from 3.10.65 version and prior 3.10.105 version	cpe:2.3:o:linux:linux_kernel	>= 3.10.65	< 3.10.105
Linux Kernel from 3.12 version and prior 3.12.68 version	cpe:2.3:o:linux:linux_kernel	>= 3.12	< 3.12.68
Linux Kernel from 3.14.29 version and prior 3.16.35 version	cpe:2.3:o:linux:linux_kernel	>= 3.14.29	< 3.16.35
Linux Kernel from 3.18.3 version and prior 3.18.52 version	cpe:2.3:o:linux:linux_kernel	>= 3.18.3	< 3.18.52

Configuration #2

		CPE23	From	Up To
	Google Android 7.1.1 and prior versions	cpe:2.3:o:google:android		<= 7.1.1