CVE-2015-3331 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 88%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	𝑥 < 3.2.69
linux	linux_kernel	3.3 ≤ 𝑥 < 3.4.108
linux	linux_kernel	3.5 ≤ 𝑥 < 3.10.73
linux	linux_kernel	3.12 ≤ 𝑥 < 3.12.40
linux	linux_kernel	3.13 ≤ 𝑥 < 3.14.37
linux	linux_kernel	3.15 ≤ 𝑥 < 3.16.35
linux	linux_kernel	3.17 ≤ 𝑥 < 3.18.11
linux	linux_kernel	3.19 ≤ 𝑥 < 3.19.3
debian	debian_linux	7.0
debian	debian_linux	8.0
canonical	ubuntu_linux	12.04

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
sid	6.11.6-1 fixed
squeeze	not-affected
trixie	6.11.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

lucid	not-affected
precise	Fixed 3.2.0-85.122 released
trusty	Fixed 3.13.0-53.88 released
utopic	Fixed 3.16.0-38.52 released
vivid	not-affected
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

linux-2.6

lucid	dne
precise	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-armadaxp

lucid	dne
precise	Fixed 3.2.0-1651.71 released
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-aws

precise	dne
trusty	not-affected
xenial	not-affected
yakkety	dne
zesty	dne

linux-ec2

lucid	not-affected
precise	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-flo

lucid	dne
precise	dne
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	ignored
yakkety	ignored
zesty	dne

linux-fsl-imx51

lucid	ignored
precise	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-gke

precise	dne
trusty	dne
xenial	not-affected
yakkety	dne
zesty	dne

linux-goldfish

lucid	dne
precise	dne
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	ignored
yakkety	ignored
zesty	ignored

linux-grouper

lucid	dne
precise	dne
trusty	dne
utopic	ignored
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-hwe

precise	dne
trusty	dne
xenial	not-affected
yakkety	dne
zesty	dne

linux-hwe-edge

precise	dne
trusty	dne
xenial	not-affected
yakkety	dne
zesty	dne

linux-linaro-omap

lucid	dne
precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-linaro-shared

lucid	dne
precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-linaro-vexpress

lucid	dne
precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-quantal

lucid	dne
precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-raring

lucid	dne
precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-saucy

lucid	dne
precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-trusty

lucid	dne
precise	Fixed 3.13.0-53.87~precise1 released
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-utopic

lucid	dne
precise	dne
trusty	Fixed 3.16.0-38.52~14.04.1 released
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-vivid

lucid	dne
precise	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-wily

precise	dne
trusty	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-lts-xenial

precise	dne
trusty	not-affected
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-maguro

lucid	dne
precise	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-mako

lucid	dne
precise	dne
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	ignored
yakkety	ignored
zesty	dne

linux-manta

lucid	dne
precise	dne
trusty	dne
utopic	ignored
vivid	ignored
wily	ignored
xenial	dne
yakkety	dne
zesty	dne

linux-mvl-dove

lucid	ignored
precise	dne
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-qcm-msm

lucid	ignored
precise	ignored
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

linux-raspi2

precise	dne
trusty	dne
vivid	dne
wily	not-affected
xenial	not-affected
yakkety	not-affected
zesty	not-affected

linux-snapdragon

precise	dne
trusty	dne
wily	dne
xenial	not-affected
yakkety	not-affected
zesty	not-affected

linux-ti-omap4

lucid	dne
precise	Fixed 3.2.0-1465.85 released
trusty	dne
utopic	dne
vivid	dne
wily	dne
xenial	dne
yakkety	dne
zesty	dne

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00011.html

http://rhn.redhat.com/errata/RHSA-2015-1081.html

http://rhn.redhat.com/errata/RHSA-2015-1199.html

http://www.debian.org/security/2015/dsa-3237

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.3

http://www.openwall.com/lists/oss-security/2015/04/14/16

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

http://www.securitytracker.com/id/1032416

http://www.ubuntu.com/usn/USN-2631-1

http://www.ubuntu.com/usn/USN-2632-1

https://bugzilla.redhat.com/show_bug.cgi?id=1213322

https://github.com/torvalds/linux/commit/ccfe8c3f7e52ae83155cb038753f4c75b774ca8a