CVE-2015-5675
high
CVSS v3
7.8
CVSS v2
7.2
VIR risk
7.8
Description
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
Predictions
Exploit likelihood
75%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| freebsd | 9.3 | affected | |
| freebsd | 10.1 | affected | |
References
- http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html
- http://www.securityfocus.com/archive/1/536321/100/0/threaded
- http://www.securityfocus.com/bid/76485
- http://www.securitytracker.com/id/1033376
- https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc
CWEs
CWE-264