CVE-2015-8746
Publication date 2 May 2016
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic.
From the Ubuntu Security Team
It was discovered that the client side NFSv4 migration implementation in the Linux kernel did not properly initialize a data structure. A local user could use this to cause a denial of service (NFS client system crash).
Status
Package | Ubuntu Release | Status |
---|---|---|
linux | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Fixed 3.13.0-70.113
|
|
linux-armadaxp | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-aws | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty |
Not affected
|
|
linux-flo | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-fsl-imx51 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-gke | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-goldfish | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-grouper | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-hwe | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-hwe-edge | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-linaro-omap | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-shared | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-linaro-vexpress | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-quantal | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-raring | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-saucy | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-trusty | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-utopic | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 3.16.0-52.71~14.04.1
|
|
linux-lts-vivid | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Fixed 3.19.0-37.42~14.04.1
|
|
linux-lts-wily | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-lts-xenial | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty |
Not affected
|
|
linux-maguro | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-mako | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-manta | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-qcm-msm | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
linux-raspi2 | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-snapdragon | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
linux-ti-omap4 | ||
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
Notes
jdstrand
android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 · High |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |