QwikSec

Security Database

CVE

CWE

Training

CVE-2015-5706

Published: Aug 31, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other impact via O_TMPFILE filesystem operations that leverage a duplicate cleanup operation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://source.android.com/security/bulletin/2017-01-01.html

x_refsource_CONFIRM

http://twitter.com/grsecurity/statuses/597127122910490624

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.4

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1250047

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_DEBIAN

https://github.com/torvalds/linux/commit/f15133df088ecadd141ea1907f2c96df67c729f0

x_refsource_CONFIRM

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

[oss-security] 20150801 CVE request: Use-after-free in path lookup in Linux 3.11-4.0 inclusive

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.