CVE-2015-2922

CWE-17 CWE-454 CWE-35817 documents9 sources

Severity

3.3LOW

EPSS

1.7%

top 17.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Debian Linux Fedoraproject Fedora +3 more

Timeline

PublishedMay 27

Latest updateMay 13

Description

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

CVSS vector

AV:A/AC:L/C:N/I:N/A:PExploitability: 6.5 | Impact: 2.9

Affected Packages5 packages

▶NVDlinux/linux_kernel3.19.5

▶Debianlinux< 3.16.7-ckt9-1+3

▶NVDoracle/linux5.0

▶NVDoracle/solaris11.3

▶NVDredhat/enterprise_mrg2.5

Also affects: Debian Linux 7.0, 8.0, Fedora 20, 21, 22

🔴Vulnerability Details

GHSA

GHSA-h2xq-wm46-j26f: The ndisc_router_discovery function in net/ipv6/ndisc↗2022-05-13

▶

CVEList

CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc↗2015-05-27

▶

OSV

CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc↗2015-05-27

▶

OSV

linux vulnerabilities↗2015-04-30

▶

📋Vendor Advisories

Android

CVE-2015-2922: Android Security Bulletin 2016-09-01 CVE: CVE-2015-2922 Severity: MEDIUM References: A-29409847 Upstream kernel↗2016-09-01

▶

Ubuntu

Linux kernel vulnerability↗2015-04-30

▶

Ubuntu

Linux kernel vulnerabilities↗2015-04-30

▶

Ubuntu

Linux kernel vulnerabilities↗2015-04-30

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2015-04-30

▶

💬Community

Bugzilla

CVE-2015-2924 NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements↗2015-04-08

▶

Bugzilla

CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.↗2015-03-19

▶