VDB
CVE-2015-8543
CVE-2015-8543
PUBLISHED
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
EPSS 1.56% · 81.8th percentile
Risk Scores
EPSS Score
1.56%
81.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | linux-intel-iot-realtime | 5.15.0-1073.75, 0 |
| Ubuntu:24.04:LTS | linux-azure-6.11 | 6.11.0-1014.14~24.04.1, 6.11.0-1013.13~24.04.1, 6.11.0-1012.12~24.04.1 |
| Ubuntu:24.04:LTS | linux-hwe-6.11 | 6.11.0-28.28~24.04.1, 6.11.0-29.29~24.04.1, * |
| Ubuntu:14.04:LTS | linux-lts-wily | 4.2.0-23.28~14.04.1, 4.2.0-25.30~14.04.1, * |
| Ubuntu:22.04:LTS | linux-realtime | 5.15.0-1032.35, 0 |
| Ubuntu:22.04:LTS | linux-riscv | 5.15.0-1012.13, 5.15.0-1015.17, 5.15.0-1008.8 |
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1076.85~20.04.1.1, *, 5.15.0-1049.56~20.04.1.1 |
| Ubuntu:24.04:LTS | linux-lowlatency-hwe-6.11 | 6.11.0-1011.12~24.04.1, 6.11.0-1012.13~24.04.1, 6.11.0-1014.15~24.04.1 |
| Ubuntu:24.04:LTS | linux-riscv | 6.8.0-49.49.1, 6.8.0-55.57.1, 6.8.0-53.55.1 |
| Ubuntu:18.04:LTS | linux-hwe | 5.3.0-62.56~18.04.1, 5.3.0-64.58~18.04.1, 5.3.0-66.60 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.0.0-16.17~18.04.1, 5.0.0-17.18~18.04.1, 5.0.0-15.16~18.04.1 |
| Ubuntu:24.04:LTS | linux-realtime | 6.8.1-1015.16, 0 |
| Ubuntu:20.04:LTS | linux-azure-fde | *, *, 0 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:24.04:LTS | linux-gcp-6.11 | 6.11.0-1011.11~24.04.1, 0, * |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.3.0-1014.16, 5.3.0-1007.8, 0 |
| Ubuntu:14.04:LTS | linux-lts-utopic | *, *, * |
| Ubuntu:20.04:LTS | linux-riscv | 5.4.0-39.44, 5.4.0-37.42, 5.4.0-36.41 |
| Ubuntu:20.04:LTS | linux-gke | 5.4.0-1102.109, 0, 5.4.0-1033.35 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1003.3, 4.15.0-1001.1, 0 |
…and 4 more
Exploit Intelligence
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
- bittorrent3389/CVE-2015-8543_for_SLE12SP1 (github-poc)
Timeline
- Dec 28, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-8543 third-party-advisory
- http://www.openwall.com/lists/oss-security/2015/12/09/3 third-party-advisory
- http://www.openwall.com/lists/oss-security/2015/12/11/6 third-party-advisory
- https://ubuntu.com/security/notices/USN-2886-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2886-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-2888-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2890-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2890-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-2890-3 vendor-advisory
- https://ubuntu.com/security/notices/USN-2910-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2907-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-2907-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-8543 third-party-advisory