Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-vcqw-c3yq-byhs
Vulnerability ID VCID-vcqw-c3yq-byhs
Aliases CVE-2015-6564
Summary Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request.
Status Published
Exploitability 0.5
Weighted Severity 6.3
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3.1 7 http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
ssvc Track http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
cvssv3.1 7 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
ssvc Track http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
cvssv3.1 7 http://rhn.redhat.com/errata/RHSA-2016-0741.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2016-0741.html
epss 0.04139 https://api.first.org/data/v1/epss?cve=CVE-2015-6564
epss 0.04139 https://api.first.org/data/v1/epss?cve=CVE-2015-6564
epss 0.04139 https://api.first.org/data/v1/epss?cve=CVE-2015-6564
cvssv3.1 7 https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
ssvc Track https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
cvssv3.1 7 http://seclists.org/fulldisclosure/2015/Aug/54
ssvc Track http://seclists.org/fulldisclosure/2015/Aug/54
cvssv3.1 7 https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
ssvc Track https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
cvssv3.1 7 https://kc.mcafee.com/corporate/index?page=content&id=SB10136
ssvc Track https://kc.mcafee.com/corporate/index?page=content&id=SB10136
cvssv3.1 7 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
ssvc Track https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
cvssv3.1 7 https://security.gentoo.org/glsa/201512-04
ssvc Track https://security.gentoo.org/glsa/201512-04
cvssv3.1 7 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764
ssvc Track https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764
cvssv3.1 7 http://www.openssh.com/txt/release-7.0
ssvc Track http://www.openssh.com/txt/release-7.0
cvssv3.1 7 http://www.openwall.com/lists/oss-security/2015/08/22/1
ssvc Track http://www.openwall.com/lists/oss-security/2015/08/22/1
cvssv3.1 7 http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
ssvc Track http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
cvssv3.1 7 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
ssvc Track http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
cvssv3.1 7 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
ssvc Track http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
cvssv3.1 7 http://www.securityfocus.com/bid/76317
ssvc Track http://www.securityfocus.com/bid/76317
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6564.json
https://api.first.org/data/v1/epss?cve=CVE-2015-6564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6564
1 http://www.openwall.com/lists/oss-security/2015/08/22/1
1252852 https://bugzilla.redhat.com/show_bug.cgi?id=1252852
165170.html http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
201512-04 https://security.gentoo.org/glsa/201512-04
54 http://seclists.org/fulldisclosure/2015/Aug/54
5e75f5198769056089fb06c4d738ab0e5abc66f7 https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
76317 http://www.securityfocus.com/bid/76317
795711 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=795711
brocade-security-advisory-2019-764 https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764
bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
index?page=content&id=SB10136 https://kc.mcafee.com/corporate/index?page=content&id=SB10136
linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
linuxbulletinoct2015-2719645.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
msg00010.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
release-7.0 http://www.openssh.com/txt/release-7.0
RHSA-2015:2088 https://access.redhat.com/errata/RHSA-2015:2088
RHSA-2016:0741 https://access.redhat.com/errata/RHSA-2016:0741
RHSA-2016-0741.html http://rhn.redhat.com/errata/RHSA-2016-0741.html
ssa-412672.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165170.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2016-0741.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0741.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/fulldisclosure/2015/Aug/54
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://seclists.org/fulldisclosure/2015/Aug/54
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10136
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at https://kc.mcafee.com/corporate/index?page=content&id=SB10136
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201512-04
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at https://security.gentoo.org/glsa/201512-04
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-764
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openssh.com/txt/release-7.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://www.openssh.com/txt/release-7.0
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.openwall.com/lists/oss-security/2015/08/22/1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://www.openwall.com/lists/oss-security/2015/08/22/1
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/76317
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-27T16:18:01Z/ Found at http://www.securityfocus.com/bid/76317
Exploit Prediction Scoring System (EPSS)
Percentile 0.889
EPSS Score 0.04139
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:33:26.893221+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2015/6xxx/CVE-2015-6564.json 38.6.0