CVE-2015-2041Kernel vulnerability

CWE-1714 documents8 sources
Severity
4.6MEDIUMNVD
OSV5.0
EPSS
0.1%
top 79.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Linux KernelSuse Linux Enterprise Server
Timeline
PublishedApr 21
Latest updateMay 14

Description

net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages3 packages

Debianlinux/linux_kernel< 3.16.7-ckt9-1+3
NVDlinux/linux_kernel3.18.7

🔴Vulnerability Details

4
GHSA
GHSA-rp6h-cpcg-rw4q: net/llc/sysctl_net_llc2022-05-14
OSV
CVE-2015-2041: net/llc/sysctl_net_llc2015-04-21
CVEList
CVE-2015-2041: net/llc/sysctl_net_llc2015-04-21
OSV
linux-lts-utopic vulnerabilities2015-04-09

📋Vendor Advisories

8
Ubuntu
Linux kernel vulnerabilities2015-04-09
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities2015-04-09
Ubuntu
Linux kernel (OMAP4) vulnerabilities2015-04-08
Ubuntu
Linux kernel vulnerabilities2015-04-08
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities2015-04-08

💬Community

1
Bugzilla
CVE-2015-2041 kernel: llc: information leak in llc2_timeout_table2015-02-23
CVE-2015-2041 — Linux Kernel vulnerability | cvebase