CVE-2015-6252 - OpenCVE

The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
http://www.debian.org/security/2015/dsa-3364
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5
http://www.openwall.com/lists/oss-security/2015/08/18/3
http://www.securityfocus.com/bid/76400
http://www.securitytracker.com/id/1033666
http://www.ubuntu.com/usn/USN-2748-1
http://www.ubuntu.com/usn/USN-2749-1
http://www.ubuntu.com/usn/USN-2751-1
http://www.ubuntu.com/usn/USN-2752-1
http://www.ubuntu.com/usn/USN-2759-1
http://www.ubuntu.com/usn/USN-2760-1
http://www.ubuntu.com/usn/USN-2777-1
https://bugzilla.redhat.com/show_bug.cgi?id=1251839
https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5
https://nvd.nist.gov/vuln/detail/CVE-2015-6252
https://www.cve.org/CVERecord?id=CVE-2015-6252

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-10-19T10:00:00

Updated: 2024-08-06T07:15:13.291Z

Reserved: 2015-08-17T00:00:00

Link: CVE-2015-6252

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-10-19T10:59:06.363

Modified: 2017-11-04T01:29:07.287

Link: CVE-2015-6252

Redhat

Severity : Low

Publid Date: 2015-08-10T00:00:00Z

Links: CVE-2015-6252 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-08-10T00:00:00", "descriptions": [{"lang": "en", "value": "The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-2748-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"name": "76400", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76400"}, {"name": "USN-2751-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"name": "[oss-security] 20150818 Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/18/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5"}, {"name": "DSA-3364", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3364"}, {"name": "SUSE-SU-2015:1727", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"name": "USN-2752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"name": "SUSE-SU-2016:0354", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"}, {"name": "SUSE-SU-2015:2108", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"}, {"name": "USN-2749-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251839"}, {"name": "USN-2760-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2760-1"}, {"name": "USN-2759-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2759-1"}, {"name": "SUSE-SU-2016:2074", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"}, {"name": "1033666", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033666"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}, {"name": "USN-2777-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2777-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6252", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2748-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"name": "76400", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76400"}, {"name": "USN-2751-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"name": "[oss-security] 20150818 Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/18/3"}, {"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5"}, {"name": "DSA-3364", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3364"}, {"name": "SUSE-SU-2015:1727", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"name": "USN-2752-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"name": "SUSE-SU-2016:0354", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"}, {"name": "SUSE-SU-2015:2108", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"}, {"name": "USN-2749-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"name": "https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251839", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251839"}, {"name": "USN-2760-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2760-1"}, {"name": "USN-2759-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2759-1"}, {"name": "SUSE-SU-2016:2074", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"}, {"name": "1033666", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033666"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}, {"name": "USN-2777-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2777-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:15:13.291Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2748-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"name": "76400", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76400"}, {"name": "USN-2751-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"name": "[oss-security] 20150818 Re: CVE request: linux kernel:fd leak in vhost ioctl VHOST_SET_LOG_FD", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/08/18/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5"}, {"name": "DSA-3364", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3364"}, {"name": "SUSE-SU-2015:1727", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"name": "USN-2752-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"name": "SUSE-SU-2016:0354", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"}, {"name": "SUSE-SU-2015:2108", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"}, {"name": "USN-2749-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251839"}, {"name": "USN-2760-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2760-1"}, {"name": "USN-2759-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2759-1"}, {"name": "SUSE-SU-2016:2074", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"}, {"name": "1033666", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033666"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}, {"name": "USN-2777-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2777-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-6252", "datePublished": "2015-10-19T10:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:15:13.291Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3606982-292B-4382-81E3-69B5573E4367", "versionEndIncluding": "4.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation."}, {"lang": "es", "value": "La funci\u00f3n vhost_dev_ioctl en drivers/vhost/vhost.c en el kernel de Linux en versiones anteriores a 4.1.5 permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de una llamada VHOST_SET_LOG_FD ioctl que desencadena la asignaci\u00f3n de un descriptor de fichero permanente."}], "id": "CVE-2015-6252", "lastModified": "2017-11-04T01:29:07.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-10-19T10:59:06.363", "references": [{"source": "cve@mitre.org", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00009.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2015/dsa-3364"}, {"source": "cve@mitre.org", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/08/18/3"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/76400"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1033666"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2748-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2749-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2751-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2752-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2759-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2760-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2777-1"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251839"}, {"source": "cve@mitre.org", "url": "https://github.com/torvalds/linux/commit/7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Michael S. Tsirkin (Red Hat Engineering).", "bugzilla": {"description": "kernel: vhost fd leak in ioctl VHOST_SET_LOG_FD", "id": "1251839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251839"}, "csaw": false, "cvss": {"cvss_base_score": "1.5", "cvss_scoring_vector": "AV:L/AC:M/Au:S/C:N/I:N/A:P", "status": "draft"}, "cwe": "CWE-665", "details": ["The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.", "A flaw was found in the way the Linux kernel's vhost driver treated userspace provided log file descriptor when processing the VHOST_SET_LOG_FD ioctl command. The file descriptor was never released and continued to consume kernel memory. A privileged local user with access to the /dev/vhost-net files could use this flaw to create a denial-of-service attack."], "name": "CVE-2015-6252", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2015-08-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-6252\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-6252"], "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5.\nThis issue has been rated as having Low impact, affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 and is currently not planned to be addressed in a future updates.", "threat_severity": "Low"}