Vulnerability CVE-2015-4170


Published: 2016-05-02

Description:
Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread during shutdown of a previous tty thread.

Type:

CWE-362

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.7/10
6.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Redhat -> Enterprise linux compute node eus 
Redhat -> Enterprise linux for ibm z systems eus 
Redhat -> Enterprise linux for power big endian eus 
Redhat -> Enterprise linux for power little endian eus 
Redhat -> Enterprise linux server eus 
Linux -> Linux kernel 

 References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae
http://www.openwall.com/lists/oss-security/2015/05/26/1
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/74820
https://access.redhat.com/errata/RHSA-2016:1395
https://bugzilla.redhat.com/show_bug.cgi?id=1218879
https://github.com/torvalds/linux/commit/cf872776fc84128bb779ce2b83a37c884c3203ae
https://www.kernel.org/pub/linux/kernel/next/patch-v3.13-rc4-next-20131218.xz

Copyright 2024, cxsecurity.com

 

Back to Top