CVE-2015-2041
First published: Mon Feb 23 2015(Updated: )
A flaw was found in the method that the linux kernel handles userspace configuration of of the the Linux kernel's logical link control (LLC) implementation system settings. The incorrect handling allowed a trusted user to set multiple LLC syscalls with specially formatted data. Reading from these files also returned data from other sysctl settings that would be exposed via the same permissions to this user. This bug provides little risk to users as the values that can be modified are exposed via proc sysctls with the same permissions. Upstream patch: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE SUSE Linux Enterprise Server | =10-sp4 | |
| Linux Linux kernel | <=3.18.7 | |
| Debian Debian Linux | ||
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.7-1 6.11.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2015/02/20/19
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- https://bugzilla.redhat.com/show_bug.cgi?id=1195350
- https://github.com/torvalds/linux/commit/6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.securityfocus.com/bid/72729
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
- http://www.ubuntu.com/usn/USN-2560-1
- http://www.ubuntu.com/usn/USN-2561-1
- http://www.ubuntu.com/usn/USN-2562-1
- http://www.ubuntu.com/usn/USN-2563-1
- http://www.ubuntu.com/usn/USN-2564-1
- http://www.ubuntu.com/usn/USN-2565-1
- https://launchpad.net/bugs/cve/CVE-2015-2041
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=590232a7150674b2036291eaefce085f3f9659c8
- https://security-tracker.debian.org/tracker/CVE-2015-2041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041
- https://nvd.nist.gov/vuln/detail/CVE-2015-2041
- https://ubuntu.com/security/CVE-2015-2041
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-2041
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/references
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/suse
- canonical/suse suse linux enterprise server
- version/suse suse linux enterprise server/10-sp4
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.18.7
- vendor/debian
- canonical/debian debian linux
- package-manager/debian