CVE-2015-8812: Use After Free
First published: Mon Feb 01 2016(Updated: )
A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. From the patch: ---- The cxgb3_*_send() functions return NET_XMIT_ values, which are positive integers values. So don't treat positive return values as an error. ---- Upstream commit: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3</a> CVE assignment: <a href="http://seclists.org/oss-sec/2016/q1/311">http://seclists.org/oss-sec/2016/q1/311</a>
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Novell Suse Linux Enterprise Real Time Extension | =12-sp1 | |
| Linux Linux kernel | <3.2.78 | |
| Linux Linux kernel | >=3.3<3.10.99 | |
| Linux Linux kernel | >=3.11<3.12.56 | |
| Linux Linux kernel | >=3.13<3.14.63 | |
| Linux Linux kernel | >=3.15<3.16.35 | |
| Linux Linux kernel | >=3.17<3.18.31 | |
| Linux Linux kernel | >=3.19<4.1.22 | |
| Linux Linux kernel | >=4.2.0<4.4.4 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =15.10 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.112-1 6.11.7-1 6.11.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.debian.org/security/2016/dsa-3503
- http://www.openwall.com/lists/oss-security/2016/02/11/1
- http://www.securityfocus.com/bid/83218
- http://www.ubuntu.com/usn/USN-2946-1
- http://www.ubuntu.com/usn/USN-2946-2
- http://www.ubuntu.com/usn/USN-2947-1
- http://www.ubuntu.com/usn/USN-2947-2
- http://www.ubuntu.com/usn/USN-2947-3
- http://www.ubuntu.com/usn/USN-2948-1
- http://www.ubuntu.com/usn/USN-2948-2
- http://www.ubuntu.com/usn/USN-2949-1
- http://www.ubuntu.com/usn/USN-2967-1
- http://www.ubuntu.com/usn/USN-2967-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1303532
- https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
- https://launchpad.net/bugs/cve/CVE-2015-8812
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
- http://seclists.org/oss-sec/2016/q1/311
- https://access.redhat.com/support/policy/updates/errata/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1309548
- https://rhn.redhat.com/errata/RHSA-2016-2574.html
- https://rhn.redhat.com/errata/RHSA-2016-2584.html
- https://www.openwall.com/lists/oss-security/2016/02/11/1
- https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
- https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de
- https://security-tracker.debian.org/tracker/CVE-2015-8812
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8812
- https://nvd.nist.gov/vuln/detail/CVE-2015-8812
- https://ubuntu.com/security/CVE-2015-8812
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2015-8812.
What is the severity level of CVE-2015-8812?
The severity level of CVE-2015-8812 is medium (4).
How does CVE-2015-8812 affect Linux kernel versions?
CVE-2015-8812 affects Linux kernel versions before 4.5.
What is the impact of CVE-2015-8812?
CVE-2015-8812 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
How can I fix CVE-2015-8812?
To fix CVE-2015-8812, update your Linux kernel to version 4.5 or later.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8812
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- agent/weakness
- agent/remedy
- agent/severity
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/novell
- canonical/novell suse linux enterprise real time extension
- version/novell suse linux enterprise real time extension/12-sp1
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.3
- version/linux linux kernel/3.11
- version/linux linux kernel/3.13
- version/linux linux kernel/3.15
- version/linux linux kernel/3.17
- version/linux linux kernel/3.19
- version/linux linux kernel/4.2.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/15.10
- package-manager/debian