{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-28T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-23T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3170", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3170"}, {"name": "USN-2660-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2660-1"}, {"name": "[oss-security] 20150129 CVE-2015-1420 - Linux kernel fs/fhandle.c race condition", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/29/12"}, {"name": "USN-2665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2665-1"}, {"name": "[linux-kernel] 20150128 [PATCH v2] vfs: read file_handle only once in handle_to_path", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-kernel&m=142247707318982&w=2"}, {"name": "SUSE-SU-2015:1611", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"}, {"name": "USN-2661-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2661-1"}, {"name": "openSUSE-SU-2015:1382", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187534"}, {"name": "SUSE-SU-2015:1478", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"name": "72357", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72357"}, {"name": "USN-2667-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2667-1"}, {"name": "SUSE-SU-2015:1224", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"}, {"name": "SUSE-SU-2015:1592", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1420", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3170", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3170"}, {"name": "USN-2660-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2660-1"}, {"name": "[oss-security] 20150129 CVE-2015-1420 - Linux kernel fs/fhandle.c race condition", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/29/12"}, {"name": "USN-2665-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2665-1"}, {"name": "[linux-kernel] 20150128 [PATCH v2] vfs: read file_handle only once in handle_to_path", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel&m=142247707318982&w=2"}, {"name": "SUSE-SU-2015:1611", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"}, {"name": "USN-2661-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2661-1"}, {"name": "openSUSE-SU-2015:1382", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1187534", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187534"}, {"name": "SUSE-SU-2015:1478", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"name": "72357", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72357"}, {"name": "USN-2667-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2667-1"}, {"name": "SUSE-SU-2015:1224", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"}, {"name": "SUSE-SU-2015:1592", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:18.589Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3170", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3170"}, {"name": "USN-2660-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2660-1"}, {"name": "[oss-security] 20150129 CVE-2015-1420 - Linux kernel fs/fhandle.c race condition", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/29/12"}, {"name": "USN-2665-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2665-1"}, {"name": "[linux-kernel] 20150128 [PATCH v2] vfs: read file_handle only once in handle_to_path", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-kernel&m=142247707318982&w=2"}, {"name": "SUSE-SU-2015:1611", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"}, {"name": "USN-2661-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2661-1"}, {"name": "openSUSE-SU-2015:1382", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187534"}, {"name": "SUSE-SU-2015:1478", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"name": "72357", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72357"}, {"name": "USN-2667-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2667-1"}, {"name": "SUSE-SU-2015:1224", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"}, {"name": "SUSE-SU-2015:1592", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1420", "datePublished": "2015-03-16T10:00:00", "dateReserved": "2015-01-29T00:00:00", "dateUpdated": "2024-08-06T04:40:18.589Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "571566F6-19C8-4271-897D-A197344D73A7", "versionEndIncluding": "3.18.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n handle_to_path en fs/fhandle.c en el Kernel de Linux a trav\u00e9s de 3.19.1 permite a usuarios locales evadir las restricciones del tama\u00f1o y lanzar operaciones de lectura en ubicaciones de memoria adicionales cambiando el valor de handle_bytes del manejador del archivo durante la ejecuci\u00f3n de su funci\u00f3n."}], "id": "CVE-2015-1420", "lastModified": "2016-12-28T02:59:03.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-16T10:59:06.007", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=linux-kernel&m=142247707318982&w=2"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3170"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/29/12"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72357"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2660-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2661-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2665-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2667-1"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187534"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: fs/fhandle.c race condition", "id": "1187534", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187534"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:L/AC:H/Au:N/C:P/I:P/A:N", "status": "draft"}, "cwe": "CWE-841->CWE-770->CWE-454", "details": ["Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function."], "name": "CVE-2015-1420", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2015-01-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1420\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1420"], "statement": "This problem does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2 kernels.\nThis has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}