Vulnerabilities > CVE-2015-0570 - Out-of-bounds Write vulnerability in Linux Kernel
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Huawei Local Security Checks |
NASL id | EULEROS_SA-2019-1478.NASL |
description | According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.(CVE-2018-12233i1/4%0 - The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.(CVE-2018-15572i1/4%0 - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.(CVE-2016-2544i1/4%0 - A flaw was found in the Linux kernel |
last seen | 2020-03-19 |
modified | 2019-05-13 |
plugin id | 124802 |
published | 2019-05-13 |
reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/124802 |
title | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478) |
References
- http://source.android.com/security/bulletin/2016-05-01.html
- http://source.android.com/security/bulletin/2016-05-01.html
- http://www.securityfocus.com/bid/77691
- http://www.securityfocus.com/bid/77691
- https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015
- https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015