Home

CVE-2015-1420

Description

Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.

Risk Information

Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.027

Associated Vulnerability

VulnerabilityOS Platform
Linux kernel (USN-2660-1) linux-image-3.2.0-87-generic_3.2.0-87.125_i386.debLinux
Linux kernel (USN-2660-1) linux-image-3.2.0-87-generic_3.2.0-87.125_amd64.debLinux
Linux kernel (USN-2660-1) linux-image-3.2.0-87-virtual_3.2.0-87.125_i386.debLinux
Linux kernel (USN-2660-1) linux-image-3.2.0-87-virtual_3.2.0-87.125_amd64.debLinux
Linux kernel (USN-2660-1) linux-image-3.2.0-87-generic-pae_3.2.0-87.125_i386.debLinux
Linux hardware enablement kernel from Trusty (USN-2662-1) linux-image-3.13.0-57-generic_3.13.0-57.95~precise1_i386.debLinux
Linux hardware enablement kernel from Trusty (USN-2662-1) linux-image-3.13.0-57-generic_3.13.0-57.95~precise1_amd64.debLinux
Linux kernel (USN-2663-1) linux-image-3.13.0-57-generic_3.13.0-57.95_i386.debLinux
Linux kernel (USN-2663-1) linux-image-3.13.0-57-generic_3.13.0-57.95_amd64.debLinux
Linux kernel (USN-2663-1) linux-image-3.13.0-57-lowlatency_3.13.0-57.95_i386.debLinux
Linux kernel (USN-2663-1) linux-image-3.13.0-57-lowlatency_3.13.0-57.95_amd64.debLinux
Linux hardware enablement kernel from Utopic (USN-2664-1) linux-image-3.16.0-43-generic_3.16.0-43.58~14.04.1_i386.debLinux
Linux hardware enablement kernel from Utopic (USN-2664-1) linux-image-3.16.0-43-generic_3.16.0-43.58~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Utopic (USN-2664-1) linux-image-3.16.0-43-lowlatency_3.16.0-43.58~14.04.1_i386.debLinux
Linux hardware enablement kernel from Utopic (USN-2664-1) linux-image-3.16.0-43-lowlatency_3.16.0-43.58~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Vivid (USN-2665-1) linux-image-3.19.0-22-generic_3.19.0-22.22~14.04.1_i386.debLinux
Linux hardware enablement kernel from Vivid (USN-2665-1) linux-image-3.19.0-22-generic_3.19.0-22.22~14.04.1_amd64.debLinux
Linux hardware enablement kernel from Vivid (USN-2665-1) linux-image-3.19.0-22-lowlatency_3.19.0-22.22~14.04.1_i386.debLinux
Linux hardware enablement kernel from Vivid (USN-2665-1) linux-image-3.19.0-22-lowlatency_3.19.0-22.22~14.04.1_amd64.debLinux
Linux kernel (USN-2667-1) linux-image-3.19.0-22-generic_3.19.0-22.22_i386.debLinux
Linux kernel (USN-2667-1) linux-image-3.19.0-22-generic_3.19.0-22.22_amd64.debLinux
Linux kernel (USN-2667-1) linux-image-3.19.0-22-lowlatency_3.19.0-22.22_i386.debLinux
Linux kernel (USN-2667-1) linux-image-3.19.0-22-lowlatency_3.19.0-22.22_amd64.debLinux
Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability (CVE-2015-1420)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234