CVE-2015-1593 - Vulnerability Details

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Mrg Rhel Extras Rt

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-504.30.3.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:1221	2015-07-14T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-229.7.2.rt56.141.6.el7_1	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2015:1139	2015-06-23T00:00:00Z
kernel-0:3.10.0-229.7.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:1137	2015-06-23T00:00:00Z
Red Hat Enterprise Linux 8
kernel-0:4.18.0-147.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2019:3517	2019-11-05T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-229.rt56.153.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2015:1138	2015-06-23T00:00:00Z

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
http://rhn.redhat.com/errata/RHSA-2015-1137.html
http://rhn.redhat.com/errata/RHSA-2015-1138.html
http://rhn.redhat.com/errata/RHSA-2015-1221.html
http://www.debian.org/security/2015/dsa-3170
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1
http://www.openwall.com/lists/oss-security/2015/02/13/13
http://www.securityfocus.com/bid/72607
http://www.ubuntu.com/usn/USN-2560-1
http://www.ubuntu.com/usn/USN-2561-1
http://www.ubuntu.com/usn/USN-2562-1
http://www.ubuntu.com/usn/USN-2563-1
http://www.ubuntu.com/usn/USN-2564-1
http://www.ubuntu.com/usn/USN-2565-1
https://access.redhat.com/errata/RHSA-2019:3517
https://bugzilla.redhat.com/show_bug.cgi?id=1192519
https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77
https://lkml.org/lkml/2015/1/7/811
https://nvd.nist.gov/vuln/detail/CVE-2015-1593
https://www.cve.org/CVERecord?id=CVE-2015-1593

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-07T00:00:00", "descriptions": [{"lang": "en", "value": "The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-06T00:07:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"}, {"name": "DSA-3170", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3170"}, {"name": "SUSE-SU-2015:0736", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"name": "USN-2562-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2562-1"}, {"name": "USN-2565-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2565-1"}, {"name": "USN-2561-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2561-1"}, {"name": "72607", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72607"}, {"name": "USN-2564-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2564-1"}, {"name": "USN-2563-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2563-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"name": "RHSA-2015:1138", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"tags": ["x_refsource_MISC"], "url": "http://hmarco.org/bugs/linux-ASLR-integer-overflow.html"}, {"name": "USN-2560-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2560-1"}, {"name": "[oss-security] 20150213 Re: CVE-Request -- Linux ASLR integer overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/13"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192519"}, {"name": "openSUSE-SU-2015:0714", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"}, {"name": "RHSA-2015:1137", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"name": "[linux-kernel] 20150107 Re: [PATH] Fix stack randomization on x86_64 bit", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lkml.org/lkml/2015/1/7/811"}, {"name": "RHSA-2015:1221", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"}, {"name": "RHSA-2019:3517", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3517"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1593", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"}, {"name": "DSA-3170", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3170"}, {"name": "SUSE-SU-2015:0736", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"name": "USN-2562-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2562-1"}, {"name": "USN-2565-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2565-1"}, {"name": "USN-2561-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2561-1"}, {"name": "72607", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72607"}, {"name": "USN-2564-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2564-1"}, {"name": "USN-2563-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2563-1"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"name": "RHSA-2015:1138", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"name": "http://hmarco.org/bugs/linux-ASLR-integer-overflow.html", "refsource": "MISC", "url": "http://hmarco.org/bugs/linux-ASLR-integer-overflow.html"}, {"name": "USN-2560-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2560-1"}, {"name": "[oss-security] 20150213 Re: CVE-Request -- Linux ASLR integer overflow", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/02/13/13"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1192519", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192519"}, {"name": "openSUSE-SU-2015:0714", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"}, {"name": "RHSA-2015:1137", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"name": "[linux-kernel] 20150107 Re: [PATH] Fix stack randomization on x86_64 bit", "refsource": "MLIST", "url": "https://lkml.org/lkml/2015/1/7/811"}, {"name": "RHSA-2015:1221", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"}, {"name": "RHSA-2019:3517", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3517"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:47:17.066Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"}, {"name": "DSA-3170", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3170"}, {"name": "SUSE-SU-2015:0736", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"name": "USN-2562-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2562-1"}, {"name": "USN-2565-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2565-1"}, {"name": "USN-2561-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2561-1"}, {"name": "72607", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72607"}, {"name": "USN-2564-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2564-1"}, {"name": "USN-2563-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2563-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"name": "RHSA-2015:1138", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://hmarco.org/bugs/linux-ASLR-integer-overflow.html"}, {"name": "USN-2560-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2560-1"}, {"name": "[oss-security] 20150213 Re: CVE-Request -- Linux ASLR integer overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/02/13/13"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192519"}, {"name": "openSUSE-SU-2015:0714", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"}, {"name": "RHSA-2015:1137", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"name": "[linux-kernel] 20150107 Re: [PATH] Fix stack randomization on x86_64 bit", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lkml.org/lkml/2015/1/7/811"}, {"name": "RHSA-2015:1221", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"}, {"name": "RHSA-2019:3517", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3517"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1593", "datePublished": "2015-03-16T10:00:00", "dateReserved": "2015-02-13T00:00:00", "dateUpdated": "2024-08-06T04:47:17.066Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-01-07T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-11-06T00:07:10 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 (string)

}

2 : { »

name : DSA-3170 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3170 (string)

}

3 : { »

name : SUSE-SU-2015:0736 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html (string)

}

4 : { »

name : USN-2562-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2562-1 (string)

}

5 : { »

name : USN-2565-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2565-1 (string)

}

6 : { »

name : USN-2561-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2561-1 (string)

}

7 : { »

name : 72607 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/72607 (string)

}

8 : { »

name : USN-2564-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2564-1 (string)

}

9 : { »

name : USN-2563-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2563-1 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

11 : { »

name : RHSA-2015:1138 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1138.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://hmarco.org/bugs/linux-ASLR-integer-overflow.html (string)

}

13 : { »

name : USN-2560-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2560-1 (string)

}

14 : { »

name : [oss-security] 20150213 Re: CVE-Request -- Linux ASLR integer overflow (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/02/13/13 (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1192519 (string)

}

16 : { »

name : openSUSE-SU-2015:0714 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html (string)

}

17 : { »

name : RHSA-2015:1137 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1137.html (string)

}

18 : { »

name : [linux-kernel] 20150107 Re: [PATH] Fix stack randomization on x86_64 bit (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lkml.org/lkml/2015/1/7/811 (string)

}

19 : { »

name : RHSA-2015:1221 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1221.html (string)

}

20 : { »

name : RHSA-2019:3517 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2019:3517 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-1593 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

refsource : CONFIRM (string)

url : https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

1 : { »

name : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 (string)

refsource : CONFIRM (string)

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 (string)

}

2 : { »

name : DSA-3170 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3170 (string)

}

3 : { »

name : SUSE-SU-2015:0736 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html (string)

}

4 : { »

name : USN-2562-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2562-1 (string)

}

5 : { »

name : USN-2565-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2565-1 (string)

}

6 : { »

name : USN-2561-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2561-1 (string)

}

7 : { »

name : 72607 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/72607 (string)

}

8 : { »

name : USN-2564-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2564-1 (string)

}

9 : { »

name : USN-2563-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2563-1 (string)

}

10 : { »

name : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

refsource : CONFIRM (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

11 : { »

name : RHSA-2015:1138 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1138.html (string)

}

12 : { »

name : http://hmarco.org/bugs/linux-ASLR-integer-overflow.html (string)

refsource : MISC (string)

url : http://hmarco.org/bugs/linux-ASLR-integer-overflow.html (string)

}

13 : { »

name : USN-2560-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2560-1 (string)

}

14 : { »

name : [oss-security] 20150213 Re: CVE-Request -- Linux ASLR integer overflow (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/02/13/13 (string)

}

15 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1192519 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1192519 (string)

}

16 : { »

name : openSUSE-SU-2015:0714 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html (string)

}

17 : { »

name : RHSA-2015:1137 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1137.html (string)

}

18 : { »

name : [linux-kernel] 20150107 Re: [PATH] Fix stack randomization on x86_64 bit (string)

refsource : MLIST (string)

url : https://lkml.org/lkml/2015/1/7/811 (string)

}

19 : { »

name : RHSA-2015:1221 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1221.html (string)

}

20 : { »

name : RHSA-2019:3517 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2019:3517 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T04:47:17.066Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 (string)

}

2 : { »

name : DSA-3170 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3170 (string)

}

3 : { »

name : SUSE-SU-2015:0736 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html (string)

}

4 : { »

name : USN-2562-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2562-1 (string)

}

5 : { »

name : USN-2565-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2565-1 (string)

}

6 : { »

name : USN-2561-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2561-1 (string)

}

7 : { »

name : 72607 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/72607 (string)

}

8 : { »

name : USN-2564-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2564-1 (string)

}

9 : { »

name : USN-2563-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2563-1 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

11 : { »

name : RHSA-2015:1138 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1138.html (string)

}

12 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://hmarco.org/bugs/linux-ASLR-integer-overflow.html (string)

}

13 : { »

name : USN-2560-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2560-1 (string)

}

14 : { »

name : [oss-security] 20150213 Re: CVE-Request -- Linux ASLR integer overflow (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/02/13/13 (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1192519 (string)

}

16 : { »

name : openSUSE-SU-2015:0714 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html (string)

}

17 : { »

name : RHSA-2015:1137 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1137.html (string)

}

18 : { »

name : [linux-kernel] 20150107 Re: [PATH] Fix stack randomization on x86_64 bit (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lkml.org/lkml/2015/1/7/811 (string)

}

19 : { »

name : RHSA-2015:1221 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-1221.html (string)

}

20 : { »

name : RHSA-2019:3517 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2019:3517 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-1593 (string)

datePublished : 2015-03-16T10:00:00 (string)

dateReserved : 2015-02-13T00:00:00 (string)

dateUpdated : 2024-08-06T04:47:17.066Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x64:*", "matchCriteriaId": "6F6B5B8A-E1EE-477E-9908-76004F722CCC", "versionEndIncluding": "3.18.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c."}, {"lang": "es", "value": "La caracter\u00edstica de aleatoriedad de la pila en el Kernel de Linux anterior a 3.19.1 en plataformas de 64-bits utiliza un tipo de datos incorrecto por el resultado de operaciones de bitwise left-shift, lo que hace que sea m\u00e1s f\u00e1cil para atacantes evadir el mecanismo de protecci\u00f3n ASLR prediciendo direcciones del tope de la pila, relacionado con la funci\u00f3n andomize_stack_top en fs/binfmt_elf.c y la funci\u00f3n stack_maxrandom_size en arch/x86/mm/mmap.c."}], "id": "CVE-2015-1593", "lastModified": "2024-11-21T02:25:44.013", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-03-16T10:59:07.727", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://hmarco.org/bugs/linux-ASLR-integer-overflow.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3170"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/02/13/13"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/72607"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2560-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2561-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2562-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2563-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2564-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2565-1"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:3517"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192519"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"source": "cve@mitre.org", "url": "https://lkml.org/lkml/2015/1/7/811"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://hmarco.org/bugs/linux-ASLR-integer-overflow.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1137.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1138.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1221.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/02/13/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2560-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2561-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2562-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2563-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2564-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2565-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:3517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lkml.org/lkml/2015/1/7/811"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x64:* (string)

matchCriteriaId : 6F6B5B8A-E1EE-477E-9908-76004F722CCC (string)

versionEndIncluding : 3.18.9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. (string)

}

1 : { »

lang : es (string)

value : La característica de aleatoriedad de la pila en el Kernel de Linux anterior a 3.19.1 en plataformas de 64-bits utiliza un tipo de datos incorrecto por el resultado de operaciones de bitwise left-shift, lo que hace que sea más fácil para atacantes evadir el mecanismo de protección ASLR prediciendo direcciones del tope de la pila, relacionado con la función andomize_stack_top en fs/binfmt_elf.c y la función stack_maxrandom_size en arch/x86/mm/mmap.c. (string)

}

]

id : CVE-2015-1593 (string)

lastModified : 2024-11-21T02:25:44.013 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-03-16T10:59:07.727 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : http://hmarco.org/bugs/linux-ASLR-integer-overflow.html (string)

}

2 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html (string)

}

3 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1137.html (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1138.html (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1221.html (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2015/dsa-3170 (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 (string)

}

9 : { »

source : cve@mitre.org (string)

url : http://www.openwall.com/lists/oss-security/2015/02/13/13 (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/72607 (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-2560-1 (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-2561-1 (string)

}

13 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-2562-1 (string)

}

14 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-2563-1 (string)

}

15 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-2564-1 (string)

}

16 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-2565-1 (string)

}

17 : { »

source : cve@mitre.org (string)

url : https://access.redhat.com/errata/RHSA-2019:3517 (string)

}

18 : { »

source : cve@mitre.org (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1192519 (string)

}

19 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

]

url : https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

20 : { »

source : cve@mitre.org (string)

url : https://lkml.org/lkml/2015/1/7/811 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : http://hmarco.org/bugs/linux-ASLR-integer-overflow.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1137.html (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1138.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2015-1221.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2015/dsa-3170 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.1 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openwall.com/lists/oss-security/2015/02/13/13 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/72607 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2560-1 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2561-1 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2562-1 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2563-1 (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2564-1 (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2565-1 (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2019:3517 (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1192519 (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

]

url : https://github.com/torvalds/linux/commit/4e7c22d447bb6d7e37bfe39ff658486ae78e8d77 (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lkml.org/lkml/2015/1/7/811 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-264 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2015:1221", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-504.30.3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-07-14T00:00:00Z"}, {"advisory": "RHSA-2015:1139", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-229.7.2.rt56.141.6.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-23T00:00:00Z"}, {"advisory": "RHSA-2015:1137", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-229.7.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-06-23T00:00:00Z"}, {"advisory": "RHSA-2019:3517", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-147.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}, {"advisory": "RHSA-2015:1138", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-229.rt56.153.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2015-06-23T00:00:00Z"}], "bugzilla": {"description": "kernel: Linux stack ASLR implementation Integer overflow", "id": "1192519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192519"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-190", "details": ["The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.", "An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four."], "name": "CVE-2015-1593", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-02-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1593\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1593"], "statement": "This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates in the respective releases may address this issue.\nThis issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2015:1221 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : kernel-0:2.6.32-504.30.3.el6 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-07-14T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:1139 (string)

cpe : cpe:/a:redhat:rhel_extras_rt:7 (string)

package : kernel-rt-0:3.10.0-229.7.2.rt56.141.6.el7_1 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-06-23T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2015:1137 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : kernel-0:3.10.0-229.7.2.el7 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-06-23T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2019:3517 (string)

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

package : kernel-0:4.18.0-147.el8 (string)

product_name : Red Hat Enterprise Linux 8 (string)

release_date : 2019-11-05T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2015:1138 (string)

cpe : cpe:/a:redhat:enterprise_mrg:2:server:el6 (string)

package : kernel-rt-1:3.10.0-229.rt56.153.el6rt (string)

product_name : Red Hat Enterprise MRG 2 (string)

release_date : 2015-06-23T00:00:00Z (string)

}

]

bugzilla : { »

description : kernel: Linux stack ASLR implementation Integer overflow (string)

id : 1192519 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1192519 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 1.9 (string)

cvss_scoring_vector : AV:L/AC:M/Au:N/C:P/I:N/A:N (string)

status : verified (string)

}

cwe : CWE-190 (string)

details : [ »

0 : The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. (string)

1 : An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (string)

]

name : CVE-2015-1593 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Affected (string)

package_name : kernel (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Affected (string)

package_name : kernel-alt (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

]

public_date : 2015-02-13T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-1593 https://nvd.nist.gov/vuln/detail/CVE-2015-1593 (string)

]

statement : This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates in the respective releases may address this issue. This issue does affect the Linux kernel versions as shipped with Red Hat Enterprise Linux 5. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. (string)

threat_severity : Low (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object