CVE-2015-1339

MEDIUM

Linux Kernel <4.4 - DoS

Title source: llm

Description

Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

References (8)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

[Patch] http://www.openwall.com/lists/oss-security/2016/03/02/13

[Issue Tracking] https://bugzilla.novell.com/show_bug.cgi?id=969356

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1314331

[Patch, Vendor Advisory] https://github.com/torvalds/linux/commit/2c5816b4beccc8ba709144539f6fdd764f8fa49c

View Patch ZIP pw:eip

[Third Party Advisory] https://security-tracker.debian.org/tracker/CVE-2015-1339

[Patch] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c5816b4beccc8ba709144539f6fdd764f8fa49c

Scores

CVSS v3 6.2

EPSS 0.0003

EPSS Percentile 8.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-399

Status draft

Affected Products (3)

linux/linux_kernel < 4.3.6

novell/suse_linux_enterprise_debuginfo

novell/suse_linux_enterprise_real_time_extension

Timeline

Published Apr 27, 2016

Tracked Since Feb 18, 2026