CVE-2015-8543 (High) detected in multiple libraries

[mend-bolt-for-github[bot]]

CVE-2015-8543 - High Severity Vulnerability

Vulnerable Libraries - linuxlinux-4.6, linuxlinux-4.6, linuxlinux-4.6

Vulnerability Details

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.

Publish Date: 2015-12-28

URL: CVE-2015-8543

CVSS 3 Score Details (7.0)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: High - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8543

Release Date: 2015-12-28

Fix Resolution: v4.4-rc6

---

Step up your Open Source Security Game with Mend here

[mend-bolt-for-github[bot]]

:information_source: This issue was automatically re-opened by Mend because the vulnerable library in the specific branch(es) has been detected in the Mend inventory.