CVE-2015-8812

CWE-416 — Use After Free21 documents8 sources

Severity

9.8CRITICAL

EPSS

2.8%

top 13.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Novell Suse Linux Enterprise Real Time Extension

Timeline

PublishedApr 27

Latest updateMay 14

Description

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDlinux/linux_kernel3.3 — 3.10.99+7

▶Debianlinux< 4.4.2-1+3

▶Ubuntulinux< 3.13.0-85.129

▶Ubuntulinux-lts-vivid< 3.19.0-58.64~14.04.1

▶NVDnovell/suse_linux_enterprise_real_time_extension12

Also affects: Ubuntu Linux 12.04, 14.04, 15.10

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-c8fc-wc9r-j8c3: drivers/infiniband/hw/cxgb3/iwch_cm↗2022-05-14

▶

OSV

CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm↗2016-04-27

▶

CVEList

CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm↗2016-04-27

▶

OSV

linux vulnerabilities↗2016-04-06

▶

OSV

linux-lts-vivid vulnerabilities↗2016-04-06

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2016-05-09

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2016-05-09

▶

Ubuntu

Linux kernel (Trusty HWE) vulnerabilities↗2016-04-06

▶

Ubuntu

Linux kernel (Wily HWE) vulnerabilities↗2016-04-06

▶

Ubuntu

Linux kernel vulnerabilities↗2016-04-06

▶

💬Community

Bugzilla

CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. [fedora-all]↗2016-02-18

▶

Bugzilla

CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.↗2016-02-01

▶