CVE-2015-5366: Infinite Loop in Linux

Severity: 5.0 MEDIUM (NVD); OSV 7.8; OSV 7.2; OSV 4.9
EPSS: 9.7% (top 7.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 31; Latest update May 14

Description

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (5 packages)

Debian: linux/linux_kernel < 4.0.7-1+3
Ubuntu: linux/linux_kernel < 3.13.0-58.97
debian: debian/linux < linux 4.0.7-1 (bookworm)
Palo Alto: paloalto/pan-os

Also affects: Enterprise Linux 6.5

Vulnerability Details (5)

GHSA: GHSA-2p7j-hg9j-vpj2: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4 (2022-05-14)
OSV: CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4 (2015-08-31)
OSV: linux-lts-utopic vulnerabilities (2015-07-23)
OSV: linux-lts-vivid vulnerabilities (2015-07-23)
OSV: linux vulnerabilities (2015-07-23)

Vendor Advisories (11)

Palo Alto: PAN-SA-2016-0025 Kernel Vulnerabilities (2016-10-04)
Ubuntu: Linux kernel vulnerabilities (2015-08-18)
Ubuntu: Linux kernel (OMAP4) vulnerabilities (2015-08-18)
Ubuntu: Linux kernel vulnerabilities (2015-07-24)
Ubuntu: Linux kernel (Utopic HWE) vulnerabilities (2015-07-23)

Community (1)

Bugzilla: CVE-2015-5366 CVE-2015-5364 kernel: net: incorrect processing of checksums in UDP implementation (2015-07-03)