Your submission was sent successfully! Close

CVE-2015-8575

Published: 17 December 2015

The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

From the Ubuntu security team

David Miller discovered that the Bluetooth implementation in the Linux kernel did not properly validate the socket address length for Synchronous Connection-Oriented (SCO) sockets. A local attacker could use this to expose sensitive information.

Priority

Medium

CVSS 3 base score: 4.0

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
precise
Released (3.2.0-98.138)
trusty
Released (3.13.0-79.123)
upstream
Released (4.4~rc6)
vivid
Released (3.19.0-51.57)
wily
Released (4.2.0-27.32)
xenial Not vulnerable
(4.4.0-2.16)
yakkety Not vulnerable
(4.4.0-21.37)
zesty Not vulnerable
(4.8.0-22.24)
linux-2.6
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-armadaxp
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [3.2.0-1661.85])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-aws
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Not vulnerable
(4.4.0-1002.2)
upstream
Released (4.4~rc6)
xenial Not vulnerable
(4.4.0-1001.10)
yakkety Does not exist

zesty Does not exist

linux-ec2
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-flo
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.4~rc6)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Does not exist

linux-fsl-imx51
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-gke
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
xenial Not vulnerable
(4.4.0-1003.3)
yakkety Does not exist

zesty Does not exist

linux-goldfish
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.4~rc6)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Ignored
(abandoned)
linux-grouper
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-hwe
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
xenial Not vulnerable
(4.8.0-36.36~16.04.1)
yakkety Does not exist

zesty Does not exist

linux-hwe-edge
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
xenial Not vulnerable
(4.8.0-36.36~16.04.1)
yakkety Does not exist

zesty Does not exist

linux-linaro-omap
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-linaro-shared
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-linaro-vexpress
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-quantal
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [was needs-triage now end-of-life])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-raring
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [end-of-life])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-saucy
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [was needs-triage now end-of-life])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-trusty
Launchpad, Ubuntu, Debian
precise
Released (3.13.0-79.123~precise1)
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-utopic
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [3.16.0-60.80~14.04.1])
upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-vivid
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [3.19.0-51.57~14.04.1])
upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-wily
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was released [4.2.0-27.32~14.04.1])
upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-lts-xenial
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Not vulnerable
(4.4.0-13.29~14.04.1)
upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-maguro
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-mako
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.4~rc6)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Ignored
(abandoned)
yakkety Ignored
(abandoned)
zesty Does not exist

linux-manta
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist
(trusty was ignored)
upstream
Released (4.4~rc6)
vivid Ignored
(reached end-of-life)
wily Ignored
(reached end-of-life)
xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-mvl-dove
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-qcm-msm
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was ignored [abandoned])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist

linux-raspi2
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily
Released (4.2.0-1022.29)
xenial Not vulnerable
(4.4.0-1003.4)
yakkety Not vulnerable
(4.4.0-1009.10)
zesty Not vulnerable
(4.8.0-1013.15)
linux-snapdragon
Launchpad, Ubuntu, Debian
precise Does not exist

trusty Does not exist

upstream
Released (4.4~rc6)
wily Does not exist

xenial Not vulnerable
(4.4.0-1012.12)
yakkety Not vulnerable
(4.4.0-1012.12)
zesty Not vulnerable
(4.4.0-1029.32)
linux-ti-omap4
Launchpad, Ubuntu, Debian
precise Does not exist
(precise was released [3.2.0-1476.99])
trusty Does not exist

upstream
Released (4.4~rc6)
vivid Does not exist

wily Does not exist

xenial Does not exist

yakkety Does not exist

zesty Does not exist