CVE-2015-8845

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.

Published : 2016-04-27 17:59 Updated : 2018-01-05 02:30

4.9
CVSS Score More info
Score 4.9 / 10
4.9
Vendor Product Version URI
Suse Suse Linux Enterprise Workstation Extension 12.0 cpe:/a:suse:suse_linux_enterprise_workstation_extension:12.0
Linux Linux Kernel 4.4 cpe:/o:linux:linux_kernel:4.4
Suse Suse Linux Enterprise Software Development Kit 12.0 cpe:/a:suse:suse_linux_enterprise_software_development_kit:12.0
Novell Suse Linux Enterprise Server 12.0 cpe:/o:novell:suse_linux_enterprise_server:12.0
Suse Suse Linux Enterprise Module For Public Cloud 12.0 cpe:/a:suse:suse_linux_enterprise_module_for_public_cloud:12.0
Suse Suse Linux Enterprise Live Patching 12.0 cpe:/a:suse:suse_linux_enterprise_live_patching:12.0
Suse Suse Linux Enterprise Real Time Extension 12 cpe:/a:suse:suse_linux_enterprise_real_time_extension:12:sp1
Novell Suse Linux Enterprise Desktop 12.0 cpe:/o:novell:suse_linux_enterprise_desktop:12.0
  1. Suse (5) Search CVE
    1. Suse Linux Enterprise Workstation Extension (1) Search CVE
      1. 12.0
    2. Suse Linux Enterprise Module For Public Cloud (1) Search CVE
      1. 12.0
    3. Suse Linux Enterprise Live Patching (1) Search CVE
      1. 12.0
    4. Suse Linux Enterprise Software Development Kit (1) Search CVE
      1. 12.0
    5. Suse Linux Enterprise Real Time Extension (1) Search CVE
      1. 12
  2. Novell (2) Search CVE
    1. Suse Linux Enterprise Desktop (1) Search CVE
      1. 12.0
    2. Suse Linux Enterprise Server (1) Search CVE
      1. 12.0
  3. Linux (1) Search CVE
    1. Linux Kernel (1) Search CVE
      1. 4.4

CWE

ID Name Description Links
CWE-284 Improper Access Control The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. CVE

History of changes