CVE-2015-3636
Severity Level: Medium
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:
Platform: Android, Linux
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:
- CVE-2015-3636
Details or analysis:
This is a privilege escalation vulnerability. The Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw.
The vulnerable code is in "/net/ipv4/ping.c" and affects both Linux and Android. The "ping_unhash" function in "ping.c" in Linux kernels before 4.0.3 does not initialize a certain list data structure during an unhash operation.
This vulnerability allows local users to gain privileges or cause a denial of service by creating a SOCK_DGRAM socket for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol and then making a connect system call after a disconnect.
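As an added illustration that is not part of this record or of the kernel source, the following constructed user-space C model reproduces the logic of ping_unhash: without the missing reinitialization, the list node's back pointer stays non-NULL after the first unhash, so a second unhash runs again and drops the socket's reference count a second time. The `fixed` flag models the sk_nulls_node_init() call added upstream; LIST_POISON2, the refcnt field and the simplified singly-terminated list are assumptions of the model.

```c
#include <stddef.h>
/* Constructed user-space model of ping_unhash() as described above; not kernel
 * code. LIST_POISON2 stands in for the kernel's poison pointer and the nulls-list
 * end marker is simplified to NULL. */
#define LIST_POISON2 ((struct nulls_node **)0x200)

struct nulls_node { struct nulls_node *next; struct nulls_node **pprev; };
struct sock { struct nulls_node node; int refcnt; };
static int poison_writes;   /* writes the real kernel would send through LIST_POISON2 */

/* sk_hashed(): a NULL pprev means "not on any hash list". */
static int sk_hashed(const struct sock *sk) { return sk->node.pprev != NULL; }

static void hash_add(struct nulls_node **head, struct sock *sk) {
    sk->node.next = *head; sk->node.pprev = head;
    if (*head) (*head)->pprev = &sk->node.next;
    *head = &sk->node; sk->refcnt++;         /* the hash table holds one reference */
}

/* hlist_nulls_del(): unlink, then poison pprev. The poison value is non-NULL,
 * so sk_hashed() keeps returning true afterwards. */
static void hlist_nulls_del(struct nulls_node *n) {
    if (n->pprev == LIST_POISON2) poison_writes++;  /* 2nd deletion: invalid write in the kernel */
    else { *n->pprev = n->next; if (n->next) n->next->pprev = n->pprev; }
    n->pprev = LIST_POISON2;
}

/* fixed=0 models kernels before 4.0.3; fixed=1 adds the sk_nulls_node_init()
 * call that the upstream fix introduced. */
static void ping_unhash(struct sock *sk, int fixed) {
    if (sk_hashed(sk)) {
        hlist_nulls_del(&sk->node);
        if (fixed) sk->node.pprev = NULL;   /* sk_nulls_node_init() */
        sk->refcnt--;                       /* sock_put() */
    }
}

/* Unhash twice (disconnect, then connect after disconnect) and return the
 * reference count left while the file descriptor is still open. */
static int double_unhash_refcnt(int fixed) {
    struct nulls_node *head = NULL;
    struct sock sk = { { NULL, NULL }, 1 };  /* one reference held by the fd */
    poison_writes = 0;
    hash_add(&head, &sk);                    /* refcnt 2 */
    ping_unhash(&sk, fixed);                 /* refcnt 1 */
    ping_unhash(&sk, fixed);                 /* unfixed: refcnt 0, socket freed */
    return sk.refcnt;
}
```

With `fixed=0` the model ends with a reference count of 0 while the descriptor is still open, which is the use-after-free condition; with `fixed=1` the second unhash is a no-op and the count stays at 1.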