Back to bug 1303532
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Wade Mealing | 2016-02-01 08:32:11 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-01 08:32:11 UTC | Doc Type | --- | Bug Fix |
| Wade Mealing | 2016-02-01 08:32:23 UTC | Blocks | 1249021 | |
| Wade Mealing | 2016-02-02 04:37:25 UTC | Blocks | 1249021 | 1247626 |
| Wade Mealing | 2016-02-02 05:41:04 UTC | Whiteboard | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=4.9/AV:L/AC:L/Au:N/C:N/I:N/A:C,rhel-5/kernel=new,rhel-6/kernel=new | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,rhel-5/kernel=new,rhel-6/kernel=new |
| Wade Mealing | 2016-02-02 05:58:17 UTC | Summary | EMBARGOED kernel: CXGB3: Logic bug in return code handling prematurely frees key structues causing Use after free or kernel panic. | EMBARGOED kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. |
| Wade Mealing | 2016-02-02 06:06:13 UTC | Whiteboard | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,rhel-5/kernel=new,rhel-6/kernel=new | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected |
| Wade Mealing | 2016-02-11 09:54:14 UTC | Doc Text | A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. | |
| Wade Mealing | 2016-02-11 10:02:47 UTC | Whiteboard | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected |
| Wade Mealing | 2016-02-11 10:03:16 UTC | Whiteboard | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-253,CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected |
| Wade Mealing | 2016-02-11 11:32:01 UTC | Whiteboard | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-253,CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected |
| Wade Mealing | 2016-02-11 11:32:56 UTC | Whiteboard | impact=moderate,public=20161212,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected | impact=moderate,public=20160211,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected |
| Wade Mealing | 2016-02-11 11:34:51 UTC | Summary | EMBARGOED kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. | kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. |
| Wade Mealing | 2016-02-11 11:34:56 UTC | Group | security, qe_staff | |
| Wade Mealing | 2016-02-12 03:16:01 UTC | Alias | CVE-2015-8812 | |
| Wade Mealing | 2016-02-12 03:16:10 UTC | Summary | kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. | CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. |
| Wade Mealing | 2016-02-12 06:41:21 UTC | Blocks | 1247078 | |
| Wade Mealing | 2016-02-15 05:18:56 UTC | Doc Text | A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario. | A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker with a local account to escalate privileges in a use-after-free scenario. |
| Wade Mealing | 2016-02-18 03:11:27 UTC | Whiteboard | impact=moderate,public=20160211,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=affected,rhel-6/kernel=affected,rhel-7/kernel=affected | impact=moderate,public=20160211,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=wontfix,rhel-6/kernel=wontfix,rhel-7/kernel=affected,mrg-2/kernel=affected,rhelsa-7/arm-kernel=affected |
| Wade Mealing | 2016-02-18 05:36:20 UTC | Whiteboard | impact=moderate,public=20160211,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=wontfix,rhel-6/kernel=wontfix,rhel-7/kernel=affected,mrg-2/kernel=affected,rhelsa-7/arm-kernel=affected | impact=moderate,public=20160211,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=wontfix,rhel-6/kernel=wontfix,rhel-7/kernel=affected,mrg-2/kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected |
| Wade Mealing | 2016-02-18 05:37:36 UTC | Depends On | 1309548 | |
| Summer Long | 2016-02-19 00:20:58 UTC | CC | slong | |
| | | Doc Text | A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker with a local account to escalate privileges in a use-after-free scenario. | A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. The kernel incorrectly misinterpreted the congestion as an error condition and incorrectly freed or cleaned up the socket buffer (skb). When the device then sent the skb's queued data, these structures were referenced. A local attacker could use this flaw to panic the system (denial of service) or, with a local account, escalate privileges. |
| John Skeoch | 2016-10-04 04:20:53 UTC | CC | pholasek | |
| Martin Prpič | 2016-11-01 15:12:51 UTC | Doc Text | A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. The kernel incorrectly misinterpreted the congestion as an error condition and incorrectly freed or cleaned up the socket buffer (skb). When the device then sent the skb's queued data, these structures were referenced. A local attacker could use this flaw to panic the system (denial of service) or, with a local account, escalate privileges. | A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. The kernel incorrectly misinterpreted the congestion as an error condition and incorrectly freed or cleaned up the socket buffer (skb). When the device then sent the skb's queued data, these structures were referenced. A local attacker could use this flaw to panic the system (denial of service) or, with a local account, escalate their privileges. |
| PnT Account Manager | 2018-02-07 23:11:01 UTC | CC | agordeev | |
| PnT Account Manager | 2018-07-19 06:14:20 UTC | CC | mguzik | |
| PnT Account Manager | 2018-08-28 22:02:17 UTC | CC | lwang | |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=moderate,public=20160211,reported=20150728,source=redhat,cvss2=6.9/AV:L/AC:M/Au:N/C:C/I:C/A:C,cwe=CWE-416,rhel-5/kernel=wontfix,rhel-6/kernel=wontfix,rhel-7/kernel=affected,mrg-2/kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | |
| PnT Account Manager | 2020-09-15 19:09:28 UTC | CC | plougher | |
| Joshua Padman | 2021-10-21 00:50:17 UTC | Resolution | --- | ERRATA |
| | | Status | NEW | CLOSED |
| | | Last Closed | 2021-10-21 00:50:17 UTC | |