Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-5707

Disclosure Date: October 19, 2015
CVE-2015-5707
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • linux,
  • suse

Products

  • debian linux 7.0,
  • debian linux 8.0,
  • linux kernel,
  • suse linux enterprise desktop 11,
  • suse linux enterprise server 11,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 15.04

References

Canonical
CVE-2015-5707 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5707)
BID-76145 (http://www.securityfocus.com/bid/76145)
Advisory
USN-2738-1 (http://www.ubuntu.com/usn/USN-2738-1)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html
USN-2733-1 (http://www.ubuntu.com/usn/USN-2733-1)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=fdc81f45e9f57858da6351836507fbcf1b7583ee
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html
USN-2750-1 (http://www.ubuntu.com/usn/USN-2750-1)
USN-2737-1 (http://www.ubuntu.com/usn/USN-2737-1)
https://source.android.com/security/bulletin/2017-07-01
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html
DSA-3329 (http://www.debian.org/security/2015/dsa-3329)
SECTRACK-1033521 (http://www.securitytracker.com/id/1033521)
https://bugzilla.redhat.com/show_bug.cgi?id=1250030
https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=451a2886b6bf90e2fb378f7c46c655450fb96e81
USN-2760-1 (http://www.ubuntu.com/usn/USN-2760-1)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
USN-2759-1 (http://www.ubuntu.com/usn/USN-2759-1)
https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html
USN-2734-1 (http://www.ubuntu.com/usn/USN-2734-1)
[oss-security] 20150801 CVE request: Integer overflow in SCSI generic driver in Linux <4.1 (http://www.openwall.com/lists/oss-security/2015/08/01/6)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis