CVE-2015-5364 HIGH

Published: 2015-08-31 | Last Modified: 2026-06-17 | Status: Modified

Description

The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.

Additional Descriptions (1)

Vulnerabilidad en las funciones (1) udp_recvmsg y (2) udpv6_recvmsg en el kernel de Linux en versiones anteriores a 4.0.6, no considera adecuadamente ceder un procesador, lo que permite a atacantes remotos causar una denegación de servicio (colgado del sistema) a través de sumas de comprobación incorrectas dentro de una inundación de paquetes UDP.

CVSS Metrics

Base Score: 7.8 (HIGH)

AV:N/AC:L/Au:N/C:N/I:N/A:C

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-399

Affected Products

Vendor	Product	Version	Update	Type
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0a77200>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0b5ffc0>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9cc55f6c0>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0a75e40>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0a74440>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0a75700>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0c78480>	Operating System
linux	linux_kernel	*	<built-in method update of dict object at 0x72a9b0a77b40>	Operating System
redhat	enterprise_linux_server_aus	6.5	<built-in method update of dict object at 0x72a9b0a76580>	Operating System
debian	debian_linux	7.0	<built-in method update of dict object at 0x72a9b0a742c0>	Operating System
debian	debian_linux	8.0	<built-in method update of dict object at 0x72a9cc55d080>	Operating System
canonical	ubuntu_linux	12.04	<built-in method update of dict object at 0x72a9b0b5c4c0>	Operating System
canonical	ubuntu_linux	14.04	<built-in method update of dict object at 0x72a9cc55f700>	Operating System
canonical	ubuntu_linux	15.04	<built-in method update of dict object at 0x72a9cc55d340>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`
Yes	`cpe:2.3:o:linux:linux_kernel::::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:debian:debian_linux:7.0:::::::*`
Yes	`cpe:2.3:o:debian:debian_linux:8.0:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::`
Yes	`cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*`

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0
Source: [email protected]

Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Source: [email protected]

Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
Source: [email protected]

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
Source: [email protected]

Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1623.html
Source: [email protected]

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1778.html
Source: [email protected]

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1787.html
Source: [email protected]

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0045.html
Source: [email protected]

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1096.html
Source: [email protected]

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1100.html
Source: [email protected]

Third Party Advisory
http://www.debian.org/security/2015/dsa-3313
Source: [email protected]

Third Party Advisory
http://www.debian.org/security/2015/dsa-3329
Source: [email protected]

Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6
Source: [email protected]

Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/06/30/13
Source: [email protected]

Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: [email protected]

Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: [email protected]

Third Party Advisory
http://www.securityfocus.com/bid/75510
Source: [email protected]

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032794
Source: [email protected]

Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2680-1
Source: [email protected]

Third Party Advisory
http://www.ubuntu.com/usn/USN-2681-1
Source: [email protected]

Third Party Advisory
http://www.ubuntu.com/usn/USN-2682-1
Source: [email protected]

Third Party Advisory
http://www.ubuntu.com/usn/USN-2683-1
Source: [email protected]

Third Party Advisory
http://www.ubuntu.com/usn/USN-2684-1
Source: [email protected]

Third Party Advisory
http://www.ubuntu.com/usn/USN-2713-1
Source: [email protected]

Third Party Advisory
http://www.ubuntu.com/usn/USN-2714-1
Source: [email protected]

Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1225
Source: [email protected]

Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1239029
Source: [email protected]

Issue Tracking
https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0
Source: [email protected]

Third Party Advisory
https://twitter.com/grsecurity/status/605854034260426753
Source: [email protected]

Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00049.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1623.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1778.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1787.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0045.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1096.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1100.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.debian.org/security/2015/dsa-3313
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.debian.org/security/2015/dsa-3329
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.0.6
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/06/30/13
Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.securityfocus.com/bid/75510
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032794
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2680-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.ubuntu.com/usn/USN-2681-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.ubuntu.com/usn/USN-2682-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.ubuntu.com/usn/USN-2683-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.ubuntu.com/usn/USN-2684-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.ubuntu.com/usn/USN-2713-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
http://www.ubuntu.com/usn/USN-2714-1
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:1225
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1239029
Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking
https://github.com/torvalds/linux/commit/beb39db59d14990e401e235faf66a6b9b31240b0
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://twitter.com/grsecurity/status/605854034260426753
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory