{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-20T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-2748-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"name": "USN-2751-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"name": "USN-2731-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2731-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16"}, {"name": "SUSE-SU-2015:1727", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"name": "[oss-security] 20150728 CVE request: Linux kernel - information leak in md driver", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/07/28/2"}, {"name": "76066", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76066"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-2752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"}, {"name": "DSA-3329", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3329"}, {"name": "USN-2732-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2732-1"}, {"name": "USN-2749-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"name": "FEDORA-2015-12908", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16"}, {"name": "FEDORA-2015-13396", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html"}, {"name": "FEDORA-2015-13391", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html"}, {"name": "1033211", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033211"}, {"name": "USN-2777-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2777-1"}, {"name": "FEDORA-2015-12917", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5697", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2748-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"name": "USN-2751-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"name": "USN-2731-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2731-1"}, {"name": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16"}, {"name": "SUSE-SU-2015:1727", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"name": "[oss-security] 20150728 CVE request: Linux kernel - information leak in md driver", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/07/28/2"}, {"name": "76066", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76066"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-2752-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"}, {"name": "DSA-3329", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3329"}, {"name": "USN-2732-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2732-1"}, {"name": "USN-2749-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"name": "FEDORA-2015-12908", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html"}, {"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16"}, {"name": "FEDORA-2015-13396", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html"}, {"name": "FEDORA-2015-13391", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html"}, {"name": "1033211", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033211"}, {"name": "USN-2777-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2777-1"}, {"name": "FEDORA-2015-12917", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:59:03.845Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2748-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"name": "USN-2751-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"name": "USN-2731-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2731-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16"}, {"name": "SUSE-SU-2015:1727", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"name": "[oss-security] 20150728 CVE request: Linux kernel - information leak in md driver", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/07/28/2"}, {"name": "76066", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76066"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "USN-2752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"}, {"name": "DSA-3329", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3329"}, {"name": "USN-2732-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2732-1"}, {"name": "USN-2749-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"name": "FEDORA-2015-12908", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16"}, {"name": "FEDORA-2015-13396", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html"}, {"name": "FEDORA-2015-13391", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html"}, {"name": "1033211", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033211"}, {"name": "USN-2777-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2777-1"}, {"name": "FEDORA-2015-12917", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-5697", "datePublished": "2015-08-31T10:00:00", "dateReserved": "2015-07-29T00:00:00", "dateUpdated": "2024-08-06T06:59:03.845Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "44877FD6-2CE0-4950-B1C4-8B0A4E0E0333", "versionEndIncluding": "4.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call."}, {"lang": "es", "value": "Vulnerabilidad en la funci\u00f3n get_bitmap en drivers/md/md.c en el kernel de Linux en versiones anteriores a 4.1.6, no inicializa una cierta estructura de datos de mapa de bits, lo que permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel a trav\u00e9s de una llamada a GET_BITMAP_FILE de ioctl ."}], "id": "CVE-2015-5697", "lastModified": "2017-09-21T01:29:13.197", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-08-31T10:59:14.847", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163661.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163711.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164137.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164193.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3329"}, {"source": "cve@mitre.org", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/07/28/2"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76066"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033211"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2731-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2732-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2777-1"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"}, {"source": "cve@mitre.org", "url": "https://github.com/torvalds/linux/commit/b6878d9e03043695dbf3fa1caa6dfc09db225b16"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: information leak in md driver", "id": "1249011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1249011"}, "csaw": false, "cvss": {"cvss_base_score": "1.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status": "draft"}, "cwe": "CWE-212", "details": ["The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.", "A cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read private information from user space that would not otherwise have been accessible."], "name": "CVE-2015-5697", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2015-07-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5697\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5697"], "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and realtime and may be addressed in a future update.", "threat_severity": "Low"}