Vulnerability DatabaseCVE-2015-2922
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-2922
May 27, 2015
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
Related Resources (21)
http://www.openwall.com/lists/oss-security/2015/04/04/2
http://rhn.redhat.com/errata/RHSA-2015-1564.html
http://rhn.redhat.com/errata/RHSA-2015-1221.html
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.debian.org/security/2015/dsa-3237
https://people.canonical.com/~ubuntu-security/cve/CVE-2015-2922
https://bugzilla.redhat.com/show_bug.cgi?id=1203712
http://www.securitytracker.com/id/1032417
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://github.com/torvalds/linux/commit/6fd99094de2b83d1d4c8457f2c83483b2828e75a
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155908.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155804.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155854.html
http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.19.6
https://access.redhat.com/security/cve/CVE-2015-2922
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fd99094de2b83d1d4c8457f2c83483b2828e75a
http://rhn.redhat.com/errata/RHSA-2015-1534.html
http://www.securityfocus.com/bid/74315
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
CVSS v2
Base Score:
3.3
Access Vector
ADJACENT NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
EPSS
Base Score:
1.72