CVE 2015-2686
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem.
Related bugs and status
CVE-2015-2686 (Candidate) is related to these bugs:
Bug #1438508: CVE-2015-2686
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1438508 | CVE-2015-2686 | linux (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-fsl-imx51 (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-mvl-dove (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-backport-maverick (Ubuntu) | Undecided | New | ||
1438508 | CVE-2015-2686 | linux-lts-backport-natty (Ubuntu) | Undecided | New | ||
1438508 | CVE-2015-2686 | linux-ti-omap4 (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ec2 (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ec2 (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-fsl-imx51 (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | New | ||
1438508 | CVE-2015-2686 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | New | ||
1438508 | CVE-2015-2686 | linux-mvl-dove (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ti-omap4 (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-backport-maverick (Ubuntu Utopic) | Undecided | Won't Fix | ||
1438508 | CVE-2015-2686 | linux-lts-backport-natty (Ubuntu Utopic) | Undecided | Won't Fix | ||
1438508 | CVE-2015-2686 | linux (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ec2 (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-fsl-imx51 (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | New | ||
1438508 | CVE-2015-2686 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | New | ||
1438508 | CVE-2015-2686 | linux-mvl-dove (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ti-omap4 (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ec2 (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-fsl-imx51 (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
1438508 | CVE-2015-2686 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
1438508 | CVE-2015-2686 | linux-mvl-dove (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ti-omap4 (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-backport-maverick (Ubuntu Lucid) | Undecided | Won't Fix | ||
1438508 | CVE-2015-2686 | linux-lts-backport-natty (Ubuntu Lucid) | Undecided | Won't Fix | ||
1438508 | CVE-2015-2686 | linux-lts-trusty (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-trusty (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-trusty (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-trusty (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-armadaxp (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-armadaxp (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-armadaxp (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-armadaxp (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-goldfish (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-goldfish (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-goldfish (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-goldfish (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-saucy (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-saucy (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-saucy (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-saucy (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-quantal (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-quantal (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-quantal (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-quantal (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-flo (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-flo (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-flo (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-flo (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-mako (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-mako (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-mako (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-mako (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-utopic (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-utopic (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-utopic (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-utopic (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-raring (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-raring (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-raring (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-lts-raring (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-manta (Ubuntu) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-manta (Ubuntu Precise) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-manta (Ubuntu Trusty) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-manta (Ubuntu Vivid) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux (Ubuntu Wily) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-armadaxp (Ubuntu Wily) | Medium | Invalid | ||
1438508 | CVE-2015-2686 | linux-ec2 (Ubuntu Wily) | Medium | Invalid |
See the
CVE page on Mitre.org
for more details.