CVE-2015-3636

Published: Aug 6, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.

Vendor: n/a
Product: n/a
Versions: n/a (affected)

References

DSA-3290 (vendor-advisory, x_refsource_DEBIAN)
USN-2631-1 (vendor-advisory, x_refsource_UBUNTU)
USN-2634-1 (vendor-advisory, x_refsource_UBUNTU)
SUSE-SU-2015:1491 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2015:1489 (vendor-advisory, x_refsource_SUSE)
USN-2632-1 (vendor-advisory, x_refsource_UBUNTU)
SUSE-SU-2015:1488 (vendor-advisory, x_refsource_SUSE)
FEDORA-2015-8518 (vendor-advisory, x_refsource_FEDORA)
1033186 (vdb-entry, x_refsource_SECTRACK)
FEDORA-2015-7736 (vendor-advisory, x_refsource_FEDORA)
RHSA-2015:1643 (vendor-advisory, x_refsource_REDHAT)
openSUSE-SU-2015:1382 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2015:1478 (vendor-advisory, x_refsource_SUSE)
RHSA-2015:1583 (vendor-advisory, x_refsource_REDHAT)
RHSA-2015:1534 (vendor-advisory, x_refsource_REDHAT)
RHSA-2015:1564 (vendor-advisory, x_refsource_REDHAT)
SUSE-SU-2015:1224 (vendor-advisory, x_refsource_SUSE)
SUSE-SU-2015:1487 (vendor-advisory, x_refsource_SUSE)
RHSA-2015:1221 (vendor-advisory, x_refsource_REDHAT)
FEDORA-2015-7784 (vendor-advisory, x_refsource_FEDORA)
USN-2633-1 (vendor-advisory, x_refsource_UBUNTU)
74450 (vdb-entry, x_refsource_BID)
