Skip to main content

Suse Linux Enterprise Real Time Extension CVE-2015-8812

CRITICAL
2016-04-27 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 27, 2016 - 17:59 cve.org
CRITICAL 9.8

DescriptionCVE.org

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

AnalysisAI

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets. Affected products include: Novell Suse Linux Enterprise Real Time Extension, Linux Linux Kernel, Canonical Ubuntu Linux. Version information: before 4.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-4997 HIGH POC
7.8 Jul 03

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux

CVE-2016-3134 HIGH POC
8.4 Apr 27

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local us

CVE-2016-3672 HIGH POC
7.8 Apr 27

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize t

CVE-2015-8550 HIGH
8.2 Apr 14

Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (hos

CVE-2016-2384 MEDIUM POC
4.6 Apr 27

Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows p

CVE-2015-7833 MEDIUM POC
4.9 Oct 19

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise L

CVE-2015-7566 MEDIUM POC
4.6 Feb 08

The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate a

CVE-2016-3136 MEDIUM POC
4.6 May 02

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically p

CVE-2016-3140 MEDIUM POC
4.6 May 02

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically p

CVE-2016-2188 MEDIUM POC
4.6 May 02

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximat

CVE-2016-3139 MEDIUM POC
4.6 Apr 27

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate

CVE-2016-2184 MEDIUM POC
4.6 Apr 27

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.

Share

CVE-2015-8812 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy