CVE-2015-7312
Linux Kernel 3.x-4.x - Race Condition via madvise or msync System Call
Title source: llmDescription
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3364
Exploit, Third Party Advisory mailing-list
x_refsource_mlist
http://sourceforge.net/p/aufs/mailman/message/34449209/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/09/22/10
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2777-1
Scores
EPSS
0.0039
EPSS Percentile
30.7%
Details
CWE
CWE-362
CWE-416
Status
published
Products (3)
canonical/ubuntu_linux
14.04
debian/debian_linux
8.0
linux/linux_kernel
3.0.0 - 3.19.8
Published
Nov 16, 2015
Tracked Since
Feb 18, 2026