Privilege escalation in Linux Linux_kernel
CVE-2015-8539
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c…
Vulnerability class: Privilege Escalation
EPSS: 0.001 (23.1th percentile)
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Linux Linux_kernel — versions 4.4
- Canonical Ubuntu_linux — versions 12.04, 14.04
- Suse Linux_enterprise_real_time_extension — versions 12
Weakness classification (CWE)
References
- SUSE-SU-2016:0337 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
- RHSA-2018:0181 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- SUSE-SU-2016:0434 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Issue Tracking, Vendor Advisory)
- [oss-security] 20151208 CVE request - Linux kernel - Fix handling of stored error in a negatively instantiated user key (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory, Issue Tracking)
- SUSE-SU-2016:0380 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
- RHSA-2018:0152 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- SUSE-SU-2016:0335 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2015-8539?
- CVE-2015-8539 is a high-severity vulnerability in Linux Linux_kernel, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2016-02-08.
- How severe is CVE-2015-8539?
- High severity. CVSS v3 base score is 7.8 out of 10.