First published: Fri Jun 19 2015
A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). Specially crafted BPF code may be able to crash the system by creating a situation in which the JIT compiler fails to correctly optimise the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code.

Workaround: This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected. It can be disabled immediately with the command:

    # echo 0 > /proc/sys/net/core/bpf_jit_enable

Or it can be disabled for all subsequent boots of the system by setting a value in /etc/sysctl.d/44-bpf-jit-disable:

    ## start file ##
    net.core.bpf_jit_enable=0
    ## end file ##

Resources:
http://seclists.org/oss-sec/2015/q2/784
https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be
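The workaround described above can be verified with a short audit script. This is an added example, not part of the advisory: it reports the runtime and boot-time state of net.core.bpf_jit_enable and lists drop-in files that set the key but lack the .conf suffix. The function names and the optional root-prefix argument are assumptions of this example, and only /etc/sysctl.d and /etc/sysctl.conf are scanned.

```shell
#!/bin/sh
# Added example, not from the advisory: audit the bpf_jit_enable workaround.
# Each function takes an optional root prefix (an assumption of this example)
# so it can run against a mounted image or a constructed test tree.
KEY_RE='^[[:space:]]*net[./]core[./]bpf_jit_enable[[:space:]]*=[[:space:]]*'

# Runtime state: the knob's value, or "absent" if the kernel has no BPF JIT.
jit_runtime() {
    f="$1/proc/sys/net/core/bpf_jit_enable"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else printf 'absent'; fi
}

# Boot-time state: last assignment found in /etc/sysctl.d/*.conf (lexical
# order), then /etc/sysctl.conf; "unset" when no file sets the key.
jit_persistent() {
    val=unset
    for f in "$1"/etc/sysctl.d/*.conf "$1/etc/sysctl.conf"; do
        [ -r "$f" ] || continue
        v=$(sed -n "s#${KEY_RE}\([0-9][0-9]*\).*#\1#p" "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    printf '%s' "$val"
}

# Drop-ins that set the key but lack the .conf suffix: `sysctl --system` and
# systemd-sysctl only read *.conf, so these settings are never applied by them.
jit_ignored_files() {
    for f in "$1"/etc/sysctl.d/*; do
        [ -f "$f" ] || continue
        case "$f" in *.conf) continue ;; esac
        if grep -Eqs "$KEY_RE" "$f"; then printf '%s\n' "${f#"$1"}"; fi
    done
}

# One-line verdict combining runtime and boot-time state.
jit_verdict() {
    rt=$(jit_runtime "$1"); ps=$(jit_persistent "$1")
    case "$rt:$ps" in
        absent:*) echo "OK: kernel exposes no BPF JIT knob" ;;
        0:0)      echo "OK: JIT disabled now and pinned off at boot" ;;
        0:unset)  echo "OK: JIT disabled now; no boot setting, kernel default applies" ;;
        0:*)      echo "WARN: JIT disabled now but boot setting is $ps" ;;
        *)        echo "FAIL: JIT enabled (bpf_jit_enable=$rt)" ;;
    esac
}

jit_verdict "${1:-}"
jit_ignored_files "${1:-}" | sed 's/^/NOTE: sets the key but has no .conf suffix: /'
```

Run it with no argument to audit the live system, or pass a mount point to audit an offline image.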
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | <=4.0.5 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
CVE-2015-4700 is classified as a high severity vulnerability due to its potential to crash the system.
To mitigate CVE-2015-4700, users should upgrade the Linux kernel to version 4.0.6 or higher and install the specified patched versions of the Debian packages.
CVE-2015-4700 affects Linux kernel versions up to and including 4.0.5, as well as specific Debian packages.
CVE-2015-4700 can be exploited with specially crafted BPF code that leads to system crashes.
CVE-2015-4700 was disclosed in 2015, highlighting issues with the kernel's implementation of the Berkeley Packet Filter.