7.8

CVE-2015-3288

mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.2.71
LinuxLinux Kernel Version >= 3.4 < 3.4.111
LinuxLinux Kernel Version >= 3.10 < 3.10.86
LinuxLinux Kernel Version >= 3.12 < 3.12.47
LinuxLinux Kernel Version >= 3.14 < 3.14.50
LinuxLinux Kernel Version >= 3.16 < 3.16.35
LinuxLinux Kernel Version >= 3.18 < 3.18.52
LinuxLinux Kernel Version >= 4.1.0 < 4.1.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.48% 0.375
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://source.android.com/security/bulletin/2017-01-01.html
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4
Vendor Advisory
Release Notes
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d
Patch
Vendor Advisory
http://www.securityfocus.com/bid/93591
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1333830
Patch
Third Party Advisory
VDB Entry
Issue Tracking
https://github.com/torvalds/linux/commit/6b7339f4c31ad69c8e9c0b2859276e22cf72176d
Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2015-3288
Third Party Advisory