4.6

CVE-2015-5707

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.0 < 4.1.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
SuseSuse Linux Enterprise Desktop Version11 Updatesp3
SuseSuse Linux Enterprise Server Version11 Updatesp2 SwEditionltss
SuseSuse Linux Enterprise Server Version11 Updatesp3
SuseSuse Linux Enterprise Server Version11 Updatesp3 SwPlatformvmware
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.383
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
Third Party Advisory
Mailing List
http://www.debian.org/security/2015/dsa-3329
Third Party Advisory
https://source.android.com/security/bulletin/2017-07-01
Third Party Advisory
http://www.ubuntu.com/usn/USN-2759-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2760-1
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81
Patch
Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee
Patch
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2015/08/01/6
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/76145
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033521
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2733-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2734-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2737-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2738-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2750-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1250030
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81
Patch
Third Party Advisory
https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee
Patch
Third Party Advisory