« List of all CVEs

CVE-2015-8963

Published: 11/16/2016 Last updated: 10/15/2024 Reserved: 10/3/2016

Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.

CNA assigner: google_android (baff130e-b8d5-4e15-b3d3-c3cf5d5545c6) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 7 High CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ortools_solvers orun rawlink rawlink-eio rawlink-lwt restricted shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (2)

Product Vendor Version
n/a n/a <= 5.10.*
n/a n/a < 0b4d69539fdea138af2befe08893850c89248068

References (16)