The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.
Denial Of Service
Linux
Linux Kernel
Debian Linux
Enterprise Linux
+1
NVD
GitHub
CVSS 2.0
4.9
EPSS
3.3%