CVE-2015-8787: Null Pointer Dereference
First published: Thu Jan 21 2016(Updated: )
Kernel NULL pointer dereference vulnerability was found in netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function introduced by commit 8b13eddfdf04cbfa561725cfc42d6868fe896f56 ("netfilter: refactor NAT redirect IPv4 to use it from nf_tables"). Vulnerable code: unsigned int nf_nat_redirect_ipv4(struct sk_buff *skb, ... { ... rcu_read_lock(); indev = __in_dev_get_rcu(skb->dev); if (indev != NULL) { ifa = indev->ifa_list; newdst = ifa->ifa_local; <--- } rcu_read_unlock(); ... } 'ifa' is not checked before access and can be accessed even if it's NULL. Crash might happen when packets that need to be redirected somehow arrive on an interface which hasn't been yet fully configured. Patch and crash report: <a href="https://lkml.org/lkml/2015/12/2/618">https://lkml.org/lkml/2015/12/2/618</a> Oss-security reference: <a href="http://seclists.org/oss-sec/2016/q1/223">http://seclists.org/oss-sec/2016/q1/223</a> CVE assignment: <a href="http://seclists.org/oss-sec/2016/q1/226">http://seclists.org/oss-sec/2016/q1/226</a>
Credit: security@debian.org security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | >=3.19<4.1.31 | |
| Linux Linux kernel | >=4.2<4.4 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.7-1 6.11.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f9cd81436c85d8c3a318ba92e236ede73752fc
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
- http://www.openwall.com/lists/oss-security/2016/01/27/6
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
- http://www.ubuntu.com/usn/USN-2889-1
- http://www.ubuntu.com/usn/USN-2889-2
- http://www.ubuntu.com/usn/USN-2890-1
- http://www.ubuntu.com/usn/USN-2890-2
- http://www.ubuntu.com/usn/USN-2890-3
- https://bugzilla.redhat.com/show_bug.cgi?id=1300731
- https://github.com/torvalds/linux/commit/94f9cd81436c85d8c3a318ba92e236ede73752fc
- https://launchpad.net/bugs/cve/CVE-2015-8787
- https://lkml.org/lkml/2015/12/2/618
- http://seclists.org/oss-sec/2016/q1/223
- http://seclists.org/oss-sec/2016/q1/226
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1300732
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1300731#c0
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b13eddfdf04cbfa561725cfc42d6868fe896f56
- https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56
- https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc
- https://www.openwall.com/lists/oss-security/2016/01/27/6
- https://security-tracker.debian.org/tracker/CVE-2015-8787
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8787
- https://nvd.nist.gov/vuln/detail/CVE-2015-8787
- https://ubuntu.com/security/CVE-2015-8787
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2015-8787.
What is the severity of CVE-2015-8787?
The severity of CVE-2015-8787 is medium with a severity value of 4.
How does CVE-2015-8787 affect the Linux kernel?
CVE-2015-8787 allows remote attackers to cause a denial of service or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured system, leading to a NULL pointer dereference and system crash.
Which versions of the Linux kernel are affected by CVE-2015-8787?
Versions of the Linux kernel before version 4.4 are affected by CVE-2015-8787.
How do I fix CVE-2015-8787?
To fix CVE-2015-8787, update your Linux kernel to version 4.4 or later.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8787
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- agent/severity
- agent/weakness
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.19
- version/linux linux kernel/4.2
- package-manager/debian