cve/2015/CVE-2015-8569.md

CVE-2015-8569

Description

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.

POC

Reference

• http://www.ubuntu.com/usn/USN-2886-1
• http://www.ubuntu.com/usn/USN-2890-3

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/bcoles/kasld