CVE-2015-8569

Low CVSS 2.3

Overview

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

CWE: CWE-200 Published: 2015-12-28T11:59:07.030

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 2.3 (LOW)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags