CVE-2015-2042
First published: Mon Feb 23 2015(Updated: )
A flaw was found in the method that the linux kernel handles userspace tuning of the Reliable Datagram Sockets (RDS) system settings. The incorrect handling allowed a trusted user to set multiple RDS sysctls for RDS with specially formatted data. Reading from these files also returned data from other sysctl settings that would be exposed via the same permissions to this user. This bug provides little risk to users as the values that can be modified are exposed via proc sysctls with the same permissions. <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <=3.18.7 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=db27ebb111e9f69efece08e4cb6a34ff980f8896
- http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
- http://www.debian.org/security/2015/dsa-3237
- http://www.openwall.com/lists/oss-security/2015/02/20/20
- http://www.securityfocus.com/bid/72730
- http://www.ubuntu.com/usn/USN-2560-1
- http://www.ubuntu.com/usn/USN-2561-1
- http://www.ubuntu.com/usn/USN-2562-1
- http://www.ubuntu.com/usn/USN-2563-1
- http://www.ubuntu.com/usn/USN-2564-1
- http://www.ubuntu.com/usn/USN-2565-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1195355
- https://github.com/torvalds/linux/commit/db27ebb111e9f69efece08e4cb6a34ff980f8896
- https://launchpad.net/bugs/cve/CVE-2015-2042
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896
- https://access.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1199365
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db27ebb111e9f69efece08e4cb6a34ff980f8896
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e5048495c8569bfdd552750e0315973c61e7c93
- https://security-tracker.debian.org/tracker/CVE-2015-2042
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2042
- https://nvd.nist.gov/vuln/detail/CVE-2015-2042
- https://ubuntu.com/security/CVE-2015-2042
- collector/nvd-index
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-2042
- agent/author
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.18.7
- package-manager/debian