Race Condition Affecting torvalds/linux package, versions [3.0,4.0)


Severity

Recommended
0.0
high
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.29% (21st percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-TORVALDSLINUX-3005753
  • published26 Jan 2022
  • disclosed10 Oct 2016
  • creditUnknown

Introduced: 10 Oct 2016

CVE-2015-0572  (opens in a new tab)
CWE-362  (opens in a new tab)

How to fix?

Upgrade torvalds/linux to version 4.0 or higher.

Overview

Affected versions of this package are vulnerable to Race Condition. Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (zero-value write) or possibly have unspecified other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl call.

References

CVSS Base Scores

version 3.1