CVE-2015-3285
low
CVSS v3
—
VIR risk
2.1
Description
The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and kernel panic) via a crafted OSD FS command.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 1.6.13-1 |
| debian | bullseye | fixed | 1.6.13-1 |
| debian | sid | fixed | 1.6.13-1 |
| debian | trixie | fixed | 1.6.13-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| openafs | openafs | {"endIncluding":"1.6.12"} | |
References
- http://www.debian.org/security/2015/dsa-3320
- http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt
- http://www.securitytracker.com/id/1033262
- https://lists.openafs.org/pipermail/openafs-announce/2015/000486.html
- https://www.openafs.org/dl/openafs/1.6.13/RELNOTES-1.6.13
- https://security-tracker.debian.org/tracker/CVE-2015-3285
CWEs
CWE-119
💬 Discuss CVE-2015-3285 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.