CVE-2015-1593

medium

Description

The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77

http://hmarco.org/bugs/linux-ASLR-integer-overflow.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html

http://rhn.redhat.com/errata/RHSA-2015-1137.html

http://rhn.redhat.com/errata/RHSA-2015-1138.html

http://rhn.redhat.com/errata/RHSA-2015-1221.html

http://www.debian.org/security/2015/dsa-3170

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1

http://www.openwall.com/lists/oss-security/2015/02/13/13

http://www.securityfocus.com/bid/72607

http://www.ubuntu.com/usn/USN-2560-1

http://www.ubuntu.com/usn/USN-2561-1

http://www.ubuntu.com/usn/USN-2562-1

http://www.ubuntu.com/usn/USN-2563-1

http://www.ubuntu.com/usn/USN-2564-1

http://www.ubuntu.com/usn/USN-2565-1

https://bugzilla.redhat.com/show_bug.cgi?id=1192519

https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77

https://lkml.org/lkml/2015/1/7/811

Details

Source: MITRE

Published: 2015-03-16

Updated: 2018-01-05

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x64:* versions up to 3.18.9 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
145665 | CentOS 8 : kernel (CESA-2019:3517) | Nessus | CentOS Local Security Checks | critical
130547 | RHEL 8 : kernel (RHSA-2019:3517) | Nessus | Red Hat Local Security Checks | critical
124991 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538) | Nessus | Huawei Local Security Checks | critical
124809 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485) | Nessus | Huawei Local Security Checks | high
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical
90019 | OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) | Nessus | OracleVM Local Security Checks | critical
85188 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0109) | Nessus | OracleVM Local Security Checks | critical
85177 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3064) | Nessus | Oracle Linux Local Security Checks | medium
85097 | Oracle Linux 6 : kernel (ELSA-2015-1272) | Nessus | Oracle Linux Local Security Checks | high
84790 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150714) | Nessus | Scientific Linux Local Security Checks | medium
84769 | CentOS 6 : kernel (CESA-2015:1221) | Nessus | CentOS Local Security Checks | medium
84758 | RHEL 6 : kernel (RHSA-2015:1221) | Nessus | Red Hat Local Security Checks | medium
84757 | Oracle Linux 6 : kernel (ELSA-2015-1221) | Nessus | Oracle Linux Local Security Checks | medium
84536 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20150623) | Nessus | Scientific Linux Local Security Checks | medium
84419 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3047) | Nessus | Oracle Linux Local Security Checks | medium
84390 | OracleVM 3.3 : kernel-uek (OVMSA-2015-0072) | Nessus | OracleVM Local Security Checks | medium
84389 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3046) | Nessus | Oracle Linux Local Security Checks | medium
84388 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3045) | Nessus | Oracle Linux Local Security Checks | medium
84358 | RHEL 7 : kernel-rt (RHSA-2015:1139) | Nessus | Red Hat Local Security Checks | medium
84357 | RHEL 6 : MRG (RHSA-2015:1138) | Nessus | Red Hat Local Security Checks | medium
84356 | RHEL 7 : kernel (RHSA-2015:1137) | Nessus | Red Hat Local Security Checks | medium
84352 | Oracle Linux 7 : kernel (ELSA-2015-1137) | Nessus | Oracle Linux Local Security Checks | medium
84346 | CentOS 7 : kernel (CESA-2015:1137) | Nessus | CentOS Local Security Checks | medium
82756 | openSUSE Security Update : Linux Kernel (openSUSE-2015-302) | Nessus | SuSE Local Security Checks | critical
82755 | openSUSE Security Update : the Linux Kernel (openSUSE-2015-301) | Nessus | SuSE Local Security Checks | high
82696 | Ubuntu 14.10 : linux vulnerabilities (USN-2565-1) | Nessus | Ubuntu Local Security Checks | medium
82695 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2564-1) | Nessus | Ubuntu Local Security Checks | medium
82662 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2563-1) | Nessus | Ubuntu Local Security Checks | critical
82661 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2562-1) | Nessus | Ubuntu Local Security Checks | critical
82660 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2560-1) | Nessus | Ubuntu Local Security Checks | medium
82138 | Debian DLA-155-1 : linux-2.6 security update | Nessus | Debian Local Security Checks | critical
82020 | SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 10412 / 10415 / 10416) | Nessus | SuSE Local Security Checks | high
81863 | Fedora 20 : kernel-3.18.9-100.fc20 (2015-3594) | Nessus | Fedora Local Security Checks | critical
81827 | Amazon Linux AMI : kernel (ALAS-2015-491) | Nessus | Amazon Linux Local Security Checks | medium
81717 | Fedora 21 : kernel-3.18.8-201.fc21 (2015-3011) | Nessus | Fedora Local Security Checks | critical
81449 | Debian DSA-3170-1 : linux - security update | Nessus | Debian Local Security Checks | critical