Medium severity5.5NVD Advisory· Published May 2, 2016· Updated May 6, 2026

CVE-2015-1350

Description

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: >=3.0,<=3.19.8
Red Hat/Enterprise Linux3 versions
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Red Hat/Enterprise Mrg
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdMailing ListPatchThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
bugs.debian.org/cgi-bin/bugreport.cginvdExploitMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2015/01/24/5nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/76075nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000