CVE-2015-8324

medium

Description

A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1267261

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11

http://www.openwall.com/lists/oss-security/2015/11/23/2

https://github.com/torvalds/linux/commit/744692dc059845b2a3022119871846e74d4f6e11

http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.34

http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

http://rhn.redhat.com/errata/RHSA-2016-0855.html

https://access.redhat.com/security/cve/CVE-2015-8324

https://access.redhat.com/errata/RHSA-2016:0855

Details

Source: MITRE

Published: 2016-05-02

Updated: 2023-02-02

Type: NVD-CWE-Other

Risk Information

CVSS v2

Base Score: 4.9

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 4.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 0.9

Severity: MEDIUM