CVE-2015-8215 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-8215 PUBLISHED

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.

EPSS 6.24% · 90.8th percentile

Risk Scores

EPSS Score

6.24%

90.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:20.04:LTS	linux-raspi2	5.3.0-1007.8, 0, 5.4.0-1006.6
Ubuntu:18.04:LTS	linux-hwe-edge	5.0.0-16.17~18.04.1, 5.0.0-17.18~18.04.1, 5.0.0-19.20~18.04.1
Ubuntu:20.04:LTS	linux-gke	5.4.0-1095.102, 5.4.0-1096.103, 5.4.0-1097.104
Ubuntu:20.04:LTS	linux-azure-fde	5.4.0-1080.83+cvm1.1, 0, 5.4.0-1063.66+cvm2.2
Ubuntu:18.04:LTS	linux-azure	5.0.0-1031.33, 5.0.0-1035.37, 5.0.0-1036.38
Ubuntu:22.04:LTS	linux-intel-iot-realtime	0, 5.15.0-1073.75
Ubuntu:24.04:LTS	linux-raspi-realtime	0, 6.8.0-2019.20
Ubuntu:18.04:LTS	linux-gcp	4.15.0-1026.27, 5.0.0-1034.35, 5.0.0-1033.34
Ubuntu:20.04:LTS	linux-gkeop	5.4.0-1087.91, 5.4.0-1088.92, 5.4.0-1089.93
Ubuntu:24.04:LTS	linux-riscv	6.8.0-60.63.1, 0, 6.5.0-9.9.1
Ubuntu:24.04:LTS	linux-gcp-6.11	6.11.0-1006.6~24.04.2, 6.11.0-1011.11~24.04.1, 0
Ubuntu:18.04:LTS	linux-hwe	5.0.0-23.24~18.04.1, 5.0.0-25.26~18.04.1, 5.0.0-27.28~18.04.1
Ubuntu:20.04:LTS	linux-riscv	5.4.0-24.28, 5.4.0-30.34, 5.4.0-28.32
Ubuntu:22.04:LTS	linux-realtime	5.15.0-1032.35, 0
Ubuntu:24.04:LTS	linux-realtime	6.8.1-1015.16, 0
Ubuntu:24.04:LTS	linux-lowlatency-hwe-6.11	0, 6.11.0-1009.10~24.04.1, 6.11.0-1011.12~24.04.1
Ubuntu:22.04:LTS	linux-riscv	5.15.0-1020.23, 5.15.0-1019.22, 5.15.0-1018.21
Ubuntu:14.04:LTS	linux-lts-vivid	3.19.0-22.22~14.04.1, 3.19.0-23.24~14.04.1, 3.19.0-25.26~14.04.1
Ubuntu:14.04:LTS	linux-lts-utopic	3.16.0-39.53~14.04.1, 3.16.0-50.66~14.04.1, 3.16.0-50.67~14.04.1
Ubuntu:24.04:LTS	linux-azure-6.11	6.11.0-1014.14~24.04.1, 6.11.0-1017.17~24.04.1, 6.11.0-1018.18~24.04.1

…and 3 more

Timeline

Nov 16, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Mar 28, 2023 EPSS Score
Apr 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2015-8215 third-party-advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac third-party-advisory
https://github.com/torvalds/linux/commit/77751427a1ff25b27d47a4c36b12c3c8667855ac third-party-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1192132 third-party-advisory
https://bugzilla.novell.com/show_bug.cgi?id=944296 third-party-advisory
https://bugs.launchpad.net/bugs/1500810 third-party-advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2015-8215 third-party-advisory

Open in Interactive Console →