CVE-2015-2041
First published: Mon Feb 23 2015(Updated: )
A flaw was found in the method that the linux kernel handles userspace configuration of of the the Linux kernel's logical link control (LLC) implementation system settings. The incorrect handling allowed a trusted user to set multiple LLC syscalls with specially formatted data. Reading from these files also returned data from other sysctl settings that would be exposed via the same permissions to this user. This bug provides little risk to users as the values that can be modified are exposed via proc sysctls with the same permissions. Upstream patch: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Linux Enterprise Server | =10-sp4 | |
| Linux kernel | <=3.18.7 | |
| Debian | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2015/02/20/19
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- https://bugzilla.redhat.com/show_bug.cgi?id=1195350
- https://github.com/torvalds/linux/commit/6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.securityfocus.com/bid/72729
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
- http://www.ubuntu.com/usn/USN-2560-1
- http://www.ubuntu.com/usn/USN-2561-1
- http://www.ubuntu.com/usn/USN-2562-1
- http://www.ubuntu.com/usn/USN-2563-1
- http://www.ubuntu.com/usn/USN-2564-1
- http://www.ubuntu.com/usn/USN-2565-1
- https://launchpad.net/bugs/cve/CVE-2015-2041
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=590232a7150674b2036291eaefce085f3f9659c8
- https://security-tracker.debian.org/tracker/CVE-2015-2041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041
- https://nvd.nist.gov/vuln/detail/CVE-2015-2041
- https://ubuntu.com/security/CVE-2015-2041
Frequently Asked Questions
What is the severity of CVE-2015-2041?
CVE-2015-2041 has been classified as medium severity due to its potential for user privilege escalation.
How do I fix CVE-2015-2041?
To fix CVE-2015-2041, upgrade the Linux kernel to a version that includes the security patch.
Which versions of Linux are affected by CVE-2015-2041?
CVE-2015-2041 affects various Linux kernel versions up to 3.18.7 and multiple specific Debian and SUSE versions.
Can CVE-2015-2041 be exploited locally?
Yes, CVE-2015-2041 can be exploited by a trusted local user to gain elevated privileges.
What are the risks associated with CVE-2015-2041?
The risks of CVE-2015-2041 include potential unauthorized access and modifications to system settings by a lower-privileged user.
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-2041
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/trending
- agent/source
- agent/event
- agent/author
- agent/tags
- agent/softwarecombine
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp4
- vendor/linux
- canonical/linux kernel
- version/linux kernel/3.18.7
- vendor/debian
- canonical/debian