CVE-2015-8955

Published: October 10, 2016Last modified: October 6, 2023

Description

arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.

Severity score breakdown

Parameter	Value
Base score	7.3
Attack Vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	REQUIRED
Scope	UNCHANGED
Confidentiality	HIGH
Integrity impact	HIGH
Availability impact	HIGH
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Status

Product	Release	Package	Status
Alpaquita Linux	23 LTS	linux-lts	Not affected (6.1.50-r0)
Alpaquita Linux	Stream	linux-lts	Not affected (6.1.50-r0)

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8fff105e13041e49b82f92eef034f363a6b1c071
http://source.android.com/security/bulletin/2016-10-01.html
http://www.securityfocus.com/bid/93314
https://github.com/torvalds/linux/commit/8fff105e13041e49b82f92eef034f363a6b1c071