CVE-2015-1339

CWE-399 CWE-400 — Uncontrolled Resource Consumption10 documents7 sources

Severity

6.2MEDIUM

EPSS

0.0%

top 90.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Novell Suse Linux Enterprise Debuginfo Novell Suse Linux Enterprise Real Time Extension

Timeline

PublishedApr 27

Latest updateMay 17

Description

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel4.3.6

▶Debianlinux< 4.4.2-1+3

▶NVDnovell/suse_linux_enterprise_debuginfo11

▶NVDnovell/suse_linux_enterprise_real_time_extension11

Patches

Patch: www.openwall.com ↗Patch: github.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-4g77-cm25-7q33: Memory leak in the cuse_channel_release function in fs/fuse/cuse↗2022-05-17

▶

CVEList

CVE-2015-1339: Memory leak in the cuse_channel_release function in fs/fuse/cuse↗2016-04-27

▶

OSV

CVE-2015-1339: Memory leak in the cuse_channel_release function in fs/fuse/cuse↗2016-04-27

▶

📋Vendor Advisories

Red Hat

kernel: Memory exhaustion via CUSE driver↗2016-03-02

▶

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

Debian

CVE-2015-1339: linux - Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux ...↗2015

▶

💬Community

Bugzilla

CVE-2015-1339 kernel: Memory exhaustion via CUSE driver [fedora-all]↗2016-03-03

▶

Bugzilla

CVE-2015-1339 kernel: Memory exhaustion via CUSE driver↗2016-03-03

▶

Bugzilla

CVE-2014-1339 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶