Vulnerabilities

CVE-2015-8569

by Fred · 28/12/2015

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

Date published : 2015-12-28

http://www.securityfocus.com/bid/79428

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1

Similar

Tags: Cybersecurity Alert