{
  "threat_severity" : "Important",
  "public_date" : "2015-06-23T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Crafted BPF filters may crash kernel during JIT optimisation",
    "id" : "1233615",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1233615"
  },
  "cvss" : {
    "cvss_base_score" : "7.2",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-665",
  "details" : [ "The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.", "A flaw was found in the kernel's implementation of the Berkeley Packet Filter (BPF). A local attacker could craft BPF code to crash the system by creating a situation in which the JIT compiler would fail to correctly optimize the JIT image on the last pass. This would lead to the CPU executing instructions that were not part of the JIT code." ],
  "statement" : "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6 as it does not contain the affected code. This does not affect the Red Hat Enterprise MRG 2 as it does not enable the affected code at compile time.\nThis issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7.",
  "acknowledgement" : "Red Hat would like to thank Daniel Borkmann for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-09-15T00:00:00Z",
    "advisory" : "RHSA-2015:1788",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-229.14.1.rt56.141.13.el7_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-09-15T00:00:00Z",
    "advisory" : "RHSA-2015:1778",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-229.14.1.ael7b"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-4700\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-4700" ],
  "name" : "CVE-2015-4700",
  "mitigation" : {
    "value" : "This issue does not affect most systems by default. An administrator would need to have enabled the BPF JIT to be affected.\nIt can be disabled immediately with the command:\n#   echo 0 > /proc/sys/net/core/bpf_jit_enable\nOr it can be disabled for all subsequent boots of the system by setting a value in  /etc/sysctl.d/44-bpf-jit-disable\n## start file ##\nnet.core.bpf_jit_enable=0\n## end file ##",
    "lang" : "en:us"
  },
  "csaw" : false
}