Vulnerability Database
299,584
Total vulnerabilities in the database
CVE-2015-8543
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
| Software | From | Fixed in |
|---|---|---|
| linux / linux_kernel | 3.15 | 3.16.35 |
| linux / linux_kernel | 3.13 | 3.14.59 |
| linux / linux_kernel | 3.17 | 3.18.26 |
| linux / linux_kernel | 3.19 | 4.1.16 |
| linux / linux_kernel | 4.2 | 4.3.4 |
| linux / linux_kernel | - | 3.2.75 |
| linux / linux_kernel | 3.3 | 3.4.111 |
| linux / linux_kernel | 3.5 | 3.10.95 |
| linux / linux_kernel | 3.11 | 3.12.52 |
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9
- http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2016-0855.html
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.debian.org/security/2015/dsa-3426
- http://www.debian.org/security/2016/dsa-3434
- http://www.openwall.com/lists/oss-security/2015/12/09/5
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/79698
- http://www.securitytracker.com/id/1034892
- http://www.ubuntu.com/usn/USN-2886-1
- http://www.ubuntu.com/usn/USN-2888-1
- http://www.ubuntu.com/usn/USN-2890-1
- http://www.ubuntu.com/usn/USN-2890-2
- http://www.ubuntu.com/usn/USN-2890-3
- https://bugzilla.redhat.com/show_bug.cgi?id=1290475
- https://github.com/torvalds/linux/commit/79462ad02e861803b3840cc782248c7359451cd9
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime