CVE-2015-8569

NameCVE-2015-8569
DescriptionThe (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3434-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.226-1fixed
bookworm6.1.115-1fixed
bookworm (security)6.1.119-1fixed
trixie6.12.5-1fixed
sid6.12.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcewheezy3.2.73-2+deb7u2DSA-3434-1
linuxsourcejessie3.16.7-ckt20-1+deb8u2DSA-3434-1
linuxsource(unstable)4.3.3-3
linux-2.6sourcesqueeze(not affected)
linux-2.6source(unstable)(unfixed)

Notes

[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced later)
https://www.openwall.com/lists/oss-security/2015/12/15/7
Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 (v4.4-rc6)
pptp_{connect,bind} introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=00959ade36acadc00e757f87060bf6e4501d545f (v2.6.37-rc1)
https://lkml.org/lkml/2015/12/14/252

Search for package or bug name: Reporting problems