CVE-2015-8967

Published: Dec 8, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.

Affected (3)

Products: Google: Android · Linux: Linux Kernel

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 7.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 3.18.54
Linux Linux Kernel	From 3.19 to 3.19.8

Related CWEs

CWE-264

References (8)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04

Source: security@android.com

Issue TrackingPatchVendor Advisory

http://source.android.com/security/bulletin/2016-12-01.html

Source: security@android.com

Third Party Advisory

http://www.securityfocus.com/bid/94680

Source: security@android.com

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/c623b33b4e9599c6ac5076f7db7369eb9869aa04

Source: security@android.com

Issue TrackingPatchThird Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

http://source.android.com/security/bulletin/2016-12-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/94680

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/c623b33b4e9599c6ac5076f7db7369eb9869aa04

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.