CVE-2015-7312
Severity CVSS v4.0:
Pending analysis
Type:
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
16/11/2015
Last modified:
12/04/2025
Description
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.
Impact
Base Score 2.0
4.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.0.0 (including) | 3.19.8 (including) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.20.15 (including) |
| cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://sourceforge.net/p/aufs/mailman/message/34449209/
- http://www.debian.org/security/2015/dsa-3364
- http://www.openwall.com/lists/oss-security/2015/09/22/10
- http://www.ubuntu.com/usn/USN-2777-1
- http://sourceforge.net/p/aufs/mailman/message/34449209/
- http://www.debian.org/security/2015/dsa-3364
- http://www.openwall.com/lists/oss-security/2015/09/22/10
- http://www.ubuntu.com/usn/USN-2777-1