Vulnerability Name: | CVE-2015-7312 (CCN-106703) | ||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2015-09-10 | ||||||||||||||||||||||||||||||||||||||||||||
Published: | 2015-09-10 | ||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2020-08-07 | ||||||||||||||||||||||||||||||||||||||||||||
Summary: | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. | ||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) 3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 4.4 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-362 CWE-416 | ||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2015-7312 Source: CCN Type: oss-sec Mailing List, Thu, 10 Sep 2015 20:26:30 +0100 CVE request: Use-after-free in Linux kernel with aufs mmap patch Source: CCN Type: oss-sec Mailing List, Tue, 22 Sep 2015 16:51:17 -0400 (EDT) Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch Source: MLIST Type: Exploit, Third Party Advisory [aufs] 20150910 Re: concurrent msync triggers NULL pointer dereference Source: DEBIAN Type: Third Party Advisory DSA-3364 Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20150922 Re: CVE request: Use-after-free in Linux kernel with aufs mmap patch Source: UBUNTU Type: Third Party Advisory USN-2777-1 Source: XF Type: UNKNOWN linux-kernel-cve20157312-dos(106703) Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-7312 | ||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||
BACK |