Main Vulnerability Database SB2015123102

SB2015123102 - NULL pointer dereference in linux-grsec (Alpine package)

Published: December 31, 2015

Security Bulletin ID SB2015123102

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2015-8543)

The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.

The weakness exists in the networking implementation due to improper validation of protocol identifiers for certain protocol families. A local attacker can trigger NULL pointer dereference or gain root privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=3d085528053ed26c6d328dbb0c29afbd7741421c
https://git.alpinelinux.org/aports/commit/?id=7dbea86ac6d1cc87bf497ecefa083787a5ee84c1