CVE-2017-15115

Severity

Theme

CVE-2017-15115

high

New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df80cd9b28b9ebaa284a41df611dbf3a2d05ca74

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html

http://seclists.org/oss-sec/2017/q4/282

http://www.securityfocus.com/bid/101877

https://bugzilla.redhat.com/show_bug.cgi?id=1513345

https://github.com/torvalds/linux/commit/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74

https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html

https://patchwork.ozlabs.org/patch/827077/

https://source.android.com/security/bulletin/pixel/2018-04-01

https://usn.ubuntu.com/3581-1/

https://usn.ubuntu.com/3581-2/

https://usn.ubuntu.com/3581-3/

https://usn.ubuntu.com/3582-1/

https://usn.ubuntu.com/3582-2/

https://usn.ubuntu.com/3583-1/

https://usn.ubuntu.com/3583-2/

Details

Source: MITRE

Published: 2017-11-15

Updated: 2019-05-08

Type: CWE-416

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
124981	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1528)	Nessus	Huawei Local Security Checks	high
124822	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1499)	Nessus	Huawei Local Security Checks	medium
121771	Photon OS 2.0: Linux PHSA-2017-0051	Nessus	PhotonOS Local Security Checks	critical
111901	Photon OS 1.0: Binutils / Glibc / Linux / Mongodb / Openssh / Procmail / Python2 / Rsync PHSA-2017-0052 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
111900	Photon OS 2.0: Libvirt / Linux / Openssh / Procmail / Python2 / Rsync PHSA-2017-0051 (deprecated)	Nessus	PhotonOS Local Security Checks	critical
109829	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4109) (Meltdown) (Spectre)	Nessus	Oracle Linux Local Security Checks	high
109668	OracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0041) (Spectre)	Nessus	OracleVM Local Security Checks	high
109543	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4089) (Spectre)	Nessus	Oracle Linux Local Security Checks	high
109158	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre)	Nessus	OracleVM Local Security Checks	high
109156	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071) (Dirty COW) (Meltdown) (Spectre)	Nessus	Oracle Linux Local Security Checks	high
107003	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3583-1) (Meltdown)	Nessus	Ubuntu Local Security Checks	critical
106973	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3582-2) (Spectre)	Nessus	Ubuntu Local Security Checks	high
106972	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3582-1) (Spectre)	Nessus	Ubuntu Local Security Checks	high
106971	Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3581-3)	Nessus	Ubuntu Local Security Checks	high
106970	Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3581-2) (Spectre)	Nessus	Ubuntu Local Security Checks	high
106969	Ubuntu 17.10 : linux vulnerabilities (USN-3581-1) (Spectre)	Nessus	Ubuntu Local Security Checks	high
106706	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0017) (Meltdown)	Nessus	OracleVM Local Security Checks	high
106670	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4025) (Meltdown)	Nessus	Oracle Linux Local Security Checks	high
106095	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0115-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
106008	Fedora 27 : kernel (2017-f73d3f1fc4)	Nessus	Fedora Local Security Checks	high
105685	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
105647	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0031-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
105575	SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0011-1) (Meltdown) (Spectre)	Nessus	SuSE Local Security Checks	high
105464	Virtuozzo 7 : readykernel-patch (VZA-2017-120)	Nessus	Virtuozzo Local Security Checks	high
105461	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3410-1)	Nessus	SuSE Local Security Checks	high
105460	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3398-1)	Nessus	SuSE Local Security Checks	high
105422	Amazon Linux AMI : kernel (ALAS-2017-937) (Dirty COW)	Nessus	Amazon Linux Local Security Checks	high
105364	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1391) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105344	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1390) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105323	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1342)	Nessus	Huawei Local Security Checks	high
105116	Debian DLA-1200-1 : linux security update (KRACK)	Nessus	Debian Local Security Checks	high
105046	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1318)	Nessus	Huawei Local Security Checks	high
104710	Fedora 25 : kernel (2017-1b4d140781)	Nessus	Fedora Local Security Checks	high
104689	Fedora 26 : kernel (2017-62e3a94f2a)	Nessus	Fedora Local Security Checks	high

CVE-2017-15115

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

high

medium

critical

critical

critical

high

high

high

high

high

critical

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high