CVE-2015-4004

{"id": "CVE-2015-4004", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 8.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-07T23:59:08.660", "references": [{"url": "http://openwall.com/lists/oss-security/2015/06/05/7", "tags": ["Mailing List", "Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/74669", "tags": ["Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2989-1", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-2998-1", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-3000-1", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-3001-1", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-3002-1", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-3003-1", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "http://www.ubuntu.com/usn/USN-3004-1", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://lkml.org/lkml/2015/5/13/739", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://openwall.com/lists/oss-security/2015/06/05/7", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/74669", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2989-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-2998-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-3000-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-3001-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-3002-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-3003-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.ubuntu.com/usn/USN-3004-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lkml.org/lkml/2015/5/13/739", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet."}, {"lang": "es", "value": "El controlador OZWPAN en el kernel de Linux hasta 4.0.5 depende de un campo de longitud no confiable durante el an\u00e1lisis sint\u00e1ctico de paquetes, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de la memoria del kernel o causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda de sistema) a trav\u00e9s de un paquete manipulado."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81BBC505-8CF5-4C64-83D1-43F46D6FBDD0", "versionEndExcluding": "4.3", "versionStartIncluding": "3.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}