CVE-2015-2922

Published: May 27, 2015Modified: May 6, 2026

3.3

Vector

AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 6.5 / Impact: 2.9

Source: NVD

Description

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Affected (9)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Oracle: Linux, Solaris · +2 more

Show all products

Linux: Linux Kernel · Fedoraproject: Fedora · Oracle: Linux, Solaris · Redhat: Enterprise Mrg · Debian: Debian Linux

1 product

1 product

2 products

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 3.19.5

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 20
Fedoraproject Fedora	Version 21
Fedoraproject Fedora	Version 22

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Linux	Version 5.0
Oracle Solaris	Version 11.3

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Mrg	Version 2.5

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Related CWEs

References (38)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1221.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1534.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-1564.html

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2015/dsa-3237

Source: cve@mitre.org

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6

Source: cve@mitre.org

ExploitVendor Advisory

http://www.openwall.com/lists/oss-security/2015/04/04/2

Source: cve@mitre.org

Exploit

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: cve@mitre.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/74315

Source: cve@mitre.org

http://www.securitytracker.com/id/1032417

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=1203712

Source: cve@mitre.org

Issue Tracking

https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a

Source: cve@mitre.org

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1221.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1534.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-1564.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2015/dsa-3237

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.openwall.com/lists/oss-security/2015/04/04/2

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/74315

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1032417

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1203712

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.