Privilege Escalation Vulnerability in Linux Kernel by Linux Foundation
CVE-2015-8539

7.8HIGH

Key Information:

Vendor
Suse
Status
Linux Enterprise Real Time Extension
Ubuntu Linux
Vendor
CVE Published:
8 February 2016

Summary

This vulnerability in the KEYS subsystem of the Linux kernel allows local users to exploit crafted keyctl commands, leading to unauthorized privilege escalation or denial of service. Items affected include encrypted keys and security features, opening avenues for potential system compromise. Proper updates and security patches are recommended to mitigate this risk.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=1284450
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:0181
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.