CVE-2015-2041

Name	CVE-2015-2041
Description	net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-246-1, DSA-3237-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
linux (PTS)	bullseye	5.10.223-1	fixed
	bullseye (security)	5.10.244-1	fixed
	bookworm	6.1.148-1	fixed
	bookworm (security)	6.1.158-1	fixed
	trixie	6.12.57-1	fixed
	trixie (security)	6.12.48-1	fixed
	forky	6.16.12-2	fixed
	sid	6.17.8-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
linux	source	wheezy	3.2.68-1+deb7u1	DSA-3237-1
linux	source	jessie	3.16.7-ckt9-3~deb8u1	DSA-3237-1
linux	source	(unstable)	3.16.7-ckt9-1
linux-2.6	source	squeeze	2.6.32-48squeeze12	DLA-246-1
linux-2.6	source	(unstable)	(unfixed)

Notes

[squeeze] - linux-2.6 <no-dsa> (Minor issue)
Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 (v3.19-rc7)
(earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=590232a7150674b2036291eaefce085f3f9659c8 (v2.6.14-rc3)