CVE-2015-8539

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-8539
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/12/09/1 Issue Tracking Mailing List Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0151 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0152 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:0181 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1284450 Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd Issue Tracking Patch Vendor Advisory
https://usn.ubuntu.com/3798-1/ Third Party Advisory
https://usn.ubuntu.com/3798-2/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.4:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.4:rc2:*:*:*:*:*:*
History

31 Jan 2022, 17:51

Type Values Removed Values Added
CPE cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:rc8:*:*:*:*:*:*		 cpe:2.3:o:suse:linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.4:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:4.4:rc2:*:*:*:*:*:*
CWE CWE-264 CWE-269
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html - Third Party Advisory
References (CONFIRM) https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd - (CONFIRM) https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd - Issue Tracking, Patch, Vendor Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2018:0152 - (REDHAT) https://access.redhat.com/errata/RHSA-2018:0152 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/3798-2/ - (UBUNTU) https://usn.ubuntu.com/3798-2/ - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2018:0181 - (REDHAT) https://access.redhat.com/errata/RHSA-2018:0181 - Third Party Advisory
References (UBUNTU) https://usn.ubuntu.com/3798-1/ - (UBUNTU) https://usn.ubuntu.com/3798-1/ - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html - Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2015/12/09/1 - (MLIST) http://www.openwall.com/lists/oss-security/2015/12/09/1 - Issue Tracking, Mailing List, Patch, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html - Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1284450 - Issue Tracking (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1284450 - Issue Tracking, Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2018:0151 - (REDHAT) https://access.redhat.com/errata/RHSA-2018:0151 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html - Third Party Advisory
Information

Published : 2016-02-08 03:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-8539

Mitre link : CVE-2015-8539

CVE.ORG link : CVE-2015-8539

JSON object : View

Products Affected

suse

  • linux_enterprise_real_time_extension

canonical

  • ubuntu_linux

linux

  • linux_kernel
CWE
CWE-269

Improper Privilege Management