First published: Mon Feb 01 2016(Updated: )
A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. From the patch: ---- The cxgb3_*_send() functions return NET_XMIT_ values, which are positive integers values. So don't treat positive return values as an error. ---- Upstream commit: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3</a> CVE assignment: <a href="http://seclists.org/oss-sec/2016/q1/311">http://seclists.org/oss-sec/2016/q1/311</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Novell Suse Linux Enterprise Real Time Extension | =12-sp1 | |
Linux Linux kernel | <3.2.78 | |
Linux Linux kernel | >=3.3<3.10.99 | |
Linux Linux kernel | >=3.11<3.12.56 | |
Linux Linux kernel | >=3.13<3.14.63 | |
Linux Linux kernel | >=3.15<3.16.35 | |
Linux Linux kernel | >=3.17<3.18.31 | |
Linux Linux kernel | >=3.19<4.1.22 | |
Linux Linux kernel | >=4.2.0<4.4.4 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =15.10 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2015-8812.
The severity level of CVE-2015-8812 is medium (4).
CVE-2015-8812 affects Linux kernel versions before 4.5.
CVE-2015-8812 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
To fix CVE-2015-8812, update your Linux kernel to version 4.5 or later.