CVE-2015-8787
Published: 31 December 2015
The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by sending certain IPv4 packets to an incompletely configured interface, a related issue to CVE-2003-1604.
From the Ubuntu Security Team
It was discovered that the netfilter Network Address Translation (NAT) implementation did not ensure that data structures were initialized when handling IPv4 addresses. An attacker could use this to cause a denial of service (system crash).
Notes
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
seth-arnold | The "Introducing" commit message says IPv6 patch would follow -- we should investigate if it has the same flaw, if it ever followed. |
Priority
Status
Package | Release | Status |
---|---|---|
linux-2.6 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-aws Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Not vulnerable
(4.4.0-1002.2)
|
|
xenial |
Not vulnerable
(4.4.0-1001.10)
|
|
yakkety |
Does not exist
|
|
linux-flo Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored)
|
|
vivid |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-gke Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
xenial |
Not vulnerable
(4.4.0-1003.3)
|
|
yakkety |
Does not exist
|
|
linux-goldfish Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored)
|
|
vivid |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-grouper Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was ignored)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-hwe Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
upstream |
Released
(4.4~rc1)
|
|
xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
yakkety |
Does not exist
|
|
precise |
Does not exist
|
|
linux-hwe-edge Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
xenial |
Not vulnerable
(4.8.0-36.36~16.04.1)
|
|
yakkety |
Does not exist
|
|
linux-linaro-shared Launchpad, Ubuntu, Debian |
vivid |
Does not exist
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
precise |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
linux-linaro-vexpress Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-raring Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
wily |
Does not exist
|
|
linux-lts-saucy Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
This package is not directly supported by the Ubuntu Security Team | ||
linux-lts-trusty Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-utopic Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-vivid Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Released
(3.19.0-49.55~14.04.1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-lts-wily Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Released
(4.2.0-27.32~14.04.1)
|
|
vivid |
Does not exist
|
|
linux-lts-xenial Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Not vulnerable
(4.4.0-13.29~14.04.1)
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-maguro Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-mako Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
|
linux-manta Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
(trusty was ignored)
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-qcm-msm Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux-raspi2 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Released
(4.2.0-1022.29)
|
|
xenial |
Not vulnerable
(4.4.0-1003.4)
|
|
yakkety |
Not vulnerable
(4.4.0-1009.10)
|
|
linux-snapdragon Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
wily |
Does not exist
|
|
xenial |
Not vulnerable
(4.4.0-1012.12)
|
|
yakkety |
Not vulnerable
(4.4.0-1012.12)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
upstream |
Released
(4.4~rc1)
|
precise |
Not vulnerable
|
|
trusty |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
linux Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Not vulnerable
|
|
vivid |
Released
(3.19.0-49.55)
|
|
wily |
Released
(4.2.0-27.32)
|
|
xenial |
Not vulnerable
(4.4.0-2.16)
|
|
yakkety |
Not vulnerable
(4.4.0-21.37)
|
|
upstream |
Released
(4.4~rc1)
|
|
Patches: Introduced by 8b13eddfdf04cbfa561725cfc42d6868fe896f56 |
||
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
precise |
Does not exist
|
trusty |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
linux-linaro-omap Launchpad, Ubuntu, Debian |
precise |
Ignored
(end of life)
|
trusty |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
upstream |
Released
(4.4~rc1)
|
|
This package is not directly supported by the Ubuntu Security Team |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8787
- https://bugzilla.redhat.com/show_bug.cgi?id=1300731
- https://lkml.org/lkml/2015/12/2/618
- http://www.openwall.com/lists/oss-security/2016/01/27/6
- https://ubuntu.com/security/notices/USN-2889-2
- https://ubuntu.com/security/notices/USN-2889-1
- https://ubuntu.com/security/notices/USN-2890-1
- https://ubuntu.com/security/notices/USN-2890-2
- https://ubuntu.com/security/notices/USN-2890-3
- NVD
- Launchpad
- Debian