CVE-2015-1593: Integer Overflow
First published: Fri Feb 13 2015(Updated: )
It was reported [1] that stack address is not properly randomized on some 64 bit architectures due to an integer overflow. The stack entropy of the processes is reduced by four. The possible locations are significantly reduced from around one billion to two hundred millions. The problem seems to affect only to the x86_64 architecture. Proposed patch: <a href="https://lkml.org/lkml/2015/1/7/811">https://lkml.org/lkml/2015/1/7/811</a> [1]: <a href="http://hmarco.org/bugs/linux-ASLR-integer-overflow.html">http://hmarco.org/bugs/linux-ASLR-integer-overflow.html</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <=3.18.9 | |
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
- http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
- http://rhn.redhat.com/errata/RHSA-2015-1137.html
- http://rhn.redhat.com/errata/RHSA-2015-1138.html
- http://rhn.redhat.com/errata/RHSA-2015-1221.html
- http://www.debian.org/security/2015/dsa-3170
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1
- http://www.openwall.com/lists/oss-security/2015/02/13/13
- http://www.securityfocus.com/bid/72607
- http://www.ubuntu.com/usn/USN-2560-1
- http://www.ubuntu.com/usn/USN-2561-1
- http://www.ubuntu.com/usn/USN-2562-1
- http://www.ubuntu.com/usn/USN-2563-1
- http://www.ubuntu.com/usn/USN-2564-1
- http://www.ubuntu.com/usn/USN-2565-1
- https://access.redhat.com/errata/RHSA-2019:3517
- https://bugzilla.redhat.com/show_bug.cgi?id=1192519
- https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
- https://lkml.org/lkml/2015/1/7/811
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1192520
- https://access.redhat.com/support/policy/updates/errata/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
- https://rhn.redhat.com/errata/RHSA-2015-1139.html
- https://rhn.redhat.com/errata/RHSA-2015-1138.html
- https://rhn.redhat.com/errata/RHSA-2015-1137.html
- https://rhn.redhat.com/errata/RHSA-2015-1221.html
- https://launchpad.net/bugs/cve/CVE-2015-1593
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
- https://lkml.org/lkml/2015/2/14/61
- https://security-tracker.debian.org/tracker/CVE-2015-1593
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1593
- https://nvd.nist.gov/vuln/detail/CVE-2015-1593
- https://ubuntu.com/security/CVE-2015-1593
Frequently Asked Questions
What is the severity of CVE-2015-1593?
CVE-2015-1593 has a medium severity rating due to the reduced entropy in stack address randomization.
How do I fix CVE-2015-1593?
To fix CVE-2015-1593, update your Linux kernel to version 5.10.223-1 or later, 6.1.123-1 or later, or 6.12.12-1 or later.
What systems are affected by CVE-2015-1593?
CVE-2015-1593 affects various Linux kernel versions prior to 3.18.9 on 64-bit architectures.
What issue does CVE-2015-1593 cause?
CVE-2015-1593 causes a decrease in stack address randomization, potentially leading to easier exploitation of stack-based vulnerabilities.
Is CVE-2015-1593 related to memory safety?
Yes, CVE-2015-1593 impacts memory safety by reducing the unpredictability of stack memory addresses.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-1593
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/security-tracker-debian
- source/Debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.18.9
- package-manager/debian