CVE-2015-3339
Description
Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.032
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-2596-1) linux-image-3.2.0-83-generic_3.2.0-83.120_i386.deb | Linux |
| Linux kernel (USN-2596-1) linux-image-3.2.0-83-generic_3.2.0-83.120_amd64.deb | Linux |
| Linux kernel (USN-2596-1) linux-image-3.2.0-83-virtual_3.2.0-83.120_i386.deb | Linux |
| Linux kernel (USN-2596-1) linux-image-3.2.0-83-virtual_3.2.0-83.120_amd64.deb | Linux |
| Linux kernel (USN-2596-1) linux-image-3.2.0-83-generic-pae_3.2.0-83.120_i386.deb | Linux |
| Linux hardware enablement kernel from Trusty (USN-2597-1) linux-image-3.13.0-52-generic_3.13.0-52.86~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Trusty (USN-2597-1) linux-image-3.13.0-52-generic_3.13.0-52.86~precise1_amd64.deb | Linux |
| Linux kernel (USN-2598-1) linux-image-3.13.0-52-generic_3.13.0-52.86_i386.deb | Linux |
| Linux kernel (USN-2598-1) linux-image-3.13.0-52-generic_3.13.0-52.86_amd64.deb | Linux |
| Linux kernel (USN-2598-1) linux-image-3.13.0-52-lowlatency_3.13.0-52.86_i386.deb | Linux |
| Linux kernel (USN-2598-1) linux-image-3.13.0-52-lowlatency_3.13.0-52.86_amd64.deb | Linux |
| Linux hardware enablement kernel from Utopic (USN-2599-1) linux-image-3.16.0-37-generic_3.16.0-37.51~14.04.1_i386.deb | Linux |
| Linux hardware enablement kernel from Utopic (USN-2599-1) linux-image-3.16.0-37-generic_3.16.0-37.51~14.04.1_amd64.deb | Linux |
| Linux hardware enablement kernel from Utopic (USN-2599-1) linux-image-3.16.0-37-lowlatency_3.16.0-37.51~14.04.1_i386.deb | Linux |
| Linux hardware enablement kernel from Utopic (USN-2599-1) linux-image-3.16.0-37-lowlatency_3.16.0-37.51~14.04.1_amd64.deb | Linux |
| Linux kernel (USN-2601-1) linux-image-3.19.0-16-generic_3.19.0-16.16_i386.deb | Linux |
| Linux kernel (USN-2601-1) linux-image-3.19.0-16-generic_3.19.0-16.16_amd64.deb | Linux |
| Linux kernel (USN-2601-1) linux-image-3.19.0-16-lowlatency_3.19.0-16.16_i386.deb | Linux |
| Linux kernel (USN-2601-1) linux-image-3.19.0-16-lowlatency_3.19.0-16.16_amd64.deb | Linux |
| Dtrace-modules-3.8.13-68.3.5.el6uek update (ELSA-2015-3053) dtrace-modules-3.8.13-68.3.5.el6uek-0.4.3-4.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-68.3.5.el7uek update (ELSA-2015-3053) dtrace-modules-3.8.13-68.3.5.el7uek-0.4.3-4.el7.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-98.el6uek update (ELSA-2015-3064) dtrace-modules-3.8.13-98.el6uek-0.4.5-2.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-98.el7uek update (ELSA-2015-3064) dtrace-modules-3.8.13-98.el7uek-0.4.5-3.el7.x86_64.rpm | Linux |
| Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability (CVE-2015-3339) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234