Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1420

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2015-1420
Last Modified 18 Mar 2015 10:00:23
Published 16 Mar 2015 06:59:06
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2015-1420

Summary

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.

Vulnerable Systems

Operating System

  • Linux Kernel 3.18.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1187534

MLIST - [oss-security] 20150129 CVE-2015-1420 - Linux kernel fs/fhandle.c race condition

MLIST - [linux-kernel] 20150128 [PATCH v2] vfs: read file_handle only once in handle_to_path

DEBIAN - DSA-3170


Last Updated: 27 May 2016 11:08:06