Vulnerability-Lookup

CERTFR-2017-AVI-162

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Module pour Public Cloud 12
SUSE	SUSE Linux Enterprise Live Patching	SUSE Linux Enterprise Live Patching 12
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP1
SUSE	SUSE Linux Enterprise Desktop	SUSE Linux Enterprise Desktop 12-SP1
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 12-SP1
SUSE	N/A	SUSE Linux Enterprise Software Development Kit 12-SP1

References

Title

Publication Time

CVE-2015-1350 (GCVE-0-2015-1350)

Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-06 04:40

Summary

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

5 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1185139	x_refsource_CONFIRM
http://www.securityfocus.com/bid/76075	vdb-entryx_refsource_BID
http://marc.info/?l=linux-kernel&m=142153722930533&w=2	mailing-listx_refsource_MLIST
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug…	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2015/01/24/5	mailing-listx_refsource_MLIST

Date Public

2015-01-17 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:40:18.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
          },
          {
            "name": "76075",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76075"
          },
          {
            "name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
          },
          {
            "name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-01T10:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
        },
        {
          "name": "76075",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76075"
        },
        {
          "name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
        },
        {
          "name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-1350",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185139"
            },
            {
              "name": "76075",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76075"
            },
            {
              "name": "[linux-kernel] 20150117 [RFC PATCH RESEND] vfs: Move security_inode_killpriv() after permission checks",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-kernel\u0026m=142153722930533\u0026w=2"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492"
            },
            {
              "name": "[oss-security] 20150124 Re: CVE Request: Linux kernel - Denial of service in notify_change for xattrs.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/01/24/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-1350",
    "datePublished": "2016-05-02T10:00:00.000Z",
    "dateReserved": "2015-01-24T00:00:00.000Z",
    "dateUpdated": "2024-08-06T04:40:18.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1004 (GCVE-0-2016-1004)

Vulnerability from cvelistv5 – Published: 2016-12-31 02:00 – Updated: 2016-12-31 01:57

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2016-12-31T01:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: none.  Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016.  Notes: none"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2016-1004",
    "datePublished": "2016-12-31T02:00:00.000Z",
    "dateRejected": "2016-12-31T01:57:01.000Z",
    "dateReserved": "2015-12-22T00:00:00.000Z",
    "dateUpdated": "2016-12-31T01:57:01.000Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0"
}

CVE-2016-1020 (GCVE-0-2016-1020)

Vulnerability from cvelistv5 – Published: 2016-04-09 01:00 – Updated: 2024-08-05 22:38

Summary

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.

Severity

No CVSS data available.

CWE

Assigner

adobe

References

6 references

URL	Tags
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2016-0610.html	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/85932	vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1035509	vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM

Date Public

2016-04-07 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:38:41.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1305",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
          },
          {
            "name": "openSUSE-SU-2016:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
          },
          {
            "name": "RHSA-2016:0610",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
          },
          {
            "name": "85932",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/85932"
          },
          {
            "name": "1035509",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035509"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-07T09:57:01.000Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1305",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
        },
        {
          "name": "openSUSE-SU-2016:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
        },
        {
          "name": "RHSA-2016:0610",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
        },
        {
          "name": "85932",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/85932"
        },
        {
          "name": "1035509",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035509"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2016-1020",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1305",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html"
            },
            {
              "name": "openSUSE-SU-2016:1306",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html"
            },
            {
              "name": "RHSA-2016:0610",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0610.html"
            },
            {
              "name": "85932",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/85932"
            },
            {
              "name": "1035509",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035509"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb16-10.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2016-1020",
    "datePublished": "2016-04-09T01:00:00.000Z",
    "dateReserved": "2015-12-22T00:00:00.000Z",
    "dateUpdated": "2024-08-05T22:38:41.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2117 (GCVE-0-2016-2117)

Vulnerability from cvelistv5 – Published: 2016-05-02 10:00 – Updated: 2024-08-05 23:17

Summary

The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

20 references

URL	Tags
http://www.ubuntu.com/usn/USN-3006-1	vendor-advisoryx_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3004-1	vendor-advisoryx_refsource_UBUNTU
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3001-1	vendor-advisoryx_refsource_UBUNTU
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3005-1	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2584.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2574.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3000-1	vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2016/dsa-3607	vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-3002-1	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/84500	vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2989-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3007-1	vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2016/03/16/7	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-3003-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2998-1	vendor-advisoryx_refsource_UBUNTU
https://github.com/torvalds/linux/commit/f43bfaed…	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1312298	x_refsource_CONFIRM

Date Public

2016-03-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.600Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3006-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3006-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "USN-3004-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3004-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
          },
          {
            "name": "USN-3001-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3001-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "USN-3005-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3005-1"
          },
          {
            "name": "RHSA-2016:2584",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
          },
          {
            "name": "RHSA-2016:2574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
          },
          {
            "name": "USN-3000-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3000-1"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-3002-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3002-1"
          },
          {
            "name": "84500",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84500"
          },
          {
            "name": "USN-2989-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2989-1"
          },
          {
            "name": "USN-3007-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3007-1"
          },
          {
            "name": "[oss-security] 20160316 CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/03/16/7"
          },
          {
            "name": "USN-3003-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3003-1"
          },
          {
            "name": "USN-2998-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2998-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3006-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3006-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "USN-3004-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3004-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
        },
        {
          "name": "USN-3001-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3001-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "USN-3005-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3005-1"
        },
        {
          "name": "RHSA-2016:2584",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
        },
        {
          "name": "RHSA-2016:2574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
        },
        {
          "name": "USN-3000-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3000-1"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-3002-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3002-1"
        },
        {
          "name": "84500",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84500"
        },
        {
          "name": "USN-2989-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2989-1"
        },
        {
          "name": "USN-3007-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3007-1"
        },
        {
          "name": "[oss-security] 20160316 CVE-2016-2117 memory disclosure to ethernet due to unchecked scatter/gather IO",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/03/16/7"
        },
        {
          "name": "USN-3003-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3003-1"
        },
        {
          "name": "USN-2998-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2998-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/f43bfaeddc79effbf3d0fcb53ca477cca66f3db8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1312298"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2117",
    "datePublished": "2016-05-02T10:00:00.000Z",
    "dateReserved": "2016-01-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:17:50.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3070 (GCVE-0-2016-3070)

Vulnerability from cvelistv5 – Published: 2016-08-06 20:00 – Updated: 2024-08-05 23:40

Summary

The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

15 references

URL	Tags
http://www.ubuntu.com/usn/USN-3035-3	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3035-1	vendor-advisoryx_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=1308846	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3036-1	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2584.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3035-2	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-2574.html	vendor-advisoryx_refsource_REDHAT
https://github.com/torvalds/linux/commit/42cb14b1…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3037-1	vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2016/dsa-3607	vendor-advisoryx_refsource_DEBIAN
https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3034-1	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/90518	vdb-entryx_refsource_BID
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3034-2	vendor-advisoryx_refsource_UBUNTU

Date Public

2016-05-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:40:15.626Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3035-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3035-3"
          },
          {
            "name": "USN-3035-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3035-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846"
          },
          {
            "name": "USN-3036-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3036-1"
          },
          {
            "name": "RHSA-2016:2584",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
          },
          {
            "name": "USN-3035-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3035-2"
          },
          {
            "name": "RHSA-2016:2574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743"
          },
          {
            "name": "USN-3037-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3037-1"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-3070"
          },
          {
            "name": "USN-3034-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3034-1"
          },
          {
            "name": "90518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90518"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743"
          },
          {
            "name": "USN-3034-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3034-2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3035-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3035-3"
        },
        {
          "name": "USN-3035-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3035-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1308846"
        },
        {
          "name": "USN-3036-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3036-1"
        },
        {
          "name": "RHSA-2016:2584",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
        },
        {
          "name": "USN-3035-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3035-2"
        },
        {
          "name": "RHSA-2016:2574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a3743"
        },
        {
          "name": "USN-3037-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3037-1"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-3070"
        },
        {
          "name": "USN-3034-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3034-1"
        },
        {
          "name": "90518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90518"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14b110a5698ccf26ce59c4441722605a3743"
        },
        {
          "name": "USN-3034-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3034-2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-3070",
    "datePublished": "2016-08-06T20:00:00.000Z",
    "dateReserved": "2016-03-10T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:40:15.626Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5243 (GCVE-0-2016-5243)

Vulnerability from cvelistv5 – Published: 2016-06-27 10:00 – Updated: 2024-08-06 00:53

Summary

The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

16 references

URL	Tags
http://www.ubuntu.com/usn/USN-3054-1	vendor-advisoryx_refsource_UBUNTU
http://www.openwall.com/lists/oss-security/2016/06/03/4	mailing-listx_refsource_MLIST
http://www.ubuntu.com/usn/USN-3051-1	vendor-advisoryx_refsource_UBUNTU
https://github.com/torvalds/linux/commit/5d2be142…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3053-1	vendor-advisoryx_refsource_UBUNTU
https://patchwork.ozlabs.org/patch/629100/	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3055-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3056-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3052-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3049-1	vendor-advisoryx_refsource_UBUNTU
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1343335	x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3607	vendor-advisoryx_refsource_DEBIAN
http://www.ubuntu.com/usn/USN-3050-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3057-1	vendor-advisoryx_refsource_UBUNTU
http://www.securityfocus.com/bid/91334	vdb-entryx_refsource_BID

Date Public

2016-06-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:48.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3054-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3054-1"
          },
          {
            "name": "[oss-security] 20160603 Re: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/03/4"
          },
          {
            "name": "USN-3051-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3051-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/5d2be1422e02ccd697ccfcd45c85b4a26e6178e2"
          },
          {
            "name": "USN-3053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3053-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/629100/"
          },
          {
            "name": "USN-3055-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3055-1"
          },
          {
            "name": "USN-3056-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3056-1"
          },
          {
            "name": "USN-3052-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3052-1"
          },
          {
            "name": "USN-3049-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3049-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d2be1422e02ccd697ccfcd45c85b4a26e6178e2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343335"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-3050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3050-1"
          },
          {
            "name": "USN-3057-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3057-1"
          },
          {
            "name": "91334",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91334"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3054-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3054-1"
        },
        {
          "name": "[oss-security] 20160603 Re: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/03/4"
        },
        {
          "name": "USN-3051-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3051-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/5d2be1422e02ccd697ccfcd45c85b4a26e6178e2"
        },
        {
          "name": "USN-3053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3053-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://patchwork.ozlabs.org/patch/629100/"
        },
        {
          "name": "USN-3055-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3055-1"
        },
        {
          "name": "USN-3056-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3056-1"
        },
        {
          "name": "USN-3052-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3052-1"
        },
        {
          "name": "USN-3049-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3049-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d2be1422e02ccd697ccfcd45c85b4a26e6178e2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343335"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-3050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3050-1"
        },
        {
          "name": "USN-3057-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3057-1"
        },
        {
          "name": "91334",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91334"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-5243",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3054-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3054-1"
            },
            {
              "name": "[oss-security] 20160603 Re: CVE Request: tipc: an infoleak in tipc_nl_compat_link_dump",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/03/4"
            },
            {
              "name": "USN-3051-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3051-1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/5d2be1422e02ccd697ccfcd45c85b4a26e6178e2",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/5d2be1422e02ccd697ccfcd45c85b4a26e6178e2"
            },
            {
              "name": "USN-3053-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3053-1"
            },
            {
              "name": "https://patchwork.ozlabs.org/patch/629100/",
              "refsource": "CONFIRM",
              "url": "https://patchwork.ozlabs.org/patch/629100/"
            },
            {
              "name": "USN-3055-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3055-1"
            },
            {
              "name": "USN-3056-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3056-1"
            },
            {
              "name": "USN-3052-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3052-1"
            },
            {
              "name": "USN-3049-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3049-1"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d2be1422e02ccd697ccfcd45c85b4a26e6178e2",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d2be1422e02ccd697ccfcd45c85b4a26e6178e2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343335",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343335"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3050-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3050-1"
            },
            {
              "name": "USN-3057-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3057-1"
            },
            {
              "name": "91334",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91334"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-5243",
    "datePublished": "2016-06-27T10:00:00.000Z",
    "dateReserved": "2016-06-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:53:48.931Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7117 (GCVE-0-2016-7117)

Vulnerability from cvelistv5 – Published: 2016-10-10 10:00 – Updated: 2024-08-06 01:50

Summary

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

Severity

No CVSS data available.

CWE

Assigner

google_android

References

21 references

URL	Tags
http://rhn.redhat.com/errata/RHSA-2017-0216.html	vendor-advisoryx_refsource_REDHAT
https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_CONFIRM
http://source.android.com/security/bulletin/2016-…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0086.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2962.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0113.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0091.html	vendor-advisoryx_refsource_REDHAT
https://bugzilla.novell.com/show_bug.cgi?id=1003077	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1382268	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0031.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0065.html	vendor-advisoryx_refsource_REDHAT
https://people.canonical.com/~ubuntu-security/cve…	x_refsource_CONFIRM
http://www.kernel.org/pub/linux/kernel/v4.x/Chang…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/93304	vdb-entryx_refsource_BID
https://github.com/torvalds/linux/commit/34b88a68…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0270.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0217.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0036.html	vendor-advisoryx_refsource_REDHAT
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2017-0215.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0196.html	vendor-advisoryx_refsource_REDHAT

Date Public

2016-03-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.546Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:0216",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0216.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-7117"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-10-01.html"
          },
          {
            "name": "RHSA-2017:0086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
          },
          {
            "name": "RHSA-2016:2962",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2962.html"
          },
          {
            "name": "RHSA-2017:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
          },
          {
            "name": "RHSA-2017:0091",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=1003077"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268"
          },
          {
            "name": "RHSA-2017:0031",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0031.html"
          },
          {
            "name": "RHSA-2017:0065",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0065.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
          },
          {
            "name": "93304",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93304"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d"
          },
          {
            "name": "RHSA-2017:0270",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0270.html"
          },
          {
            "name": "RHSA-2017:0217",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
          },
          {
            "name": "RHSA-2017:0036",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d"
          },
          {
            "name": "RHSA-2017:0215",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0215.html"
          },
          {
            "name": "RHSA-2017:0196",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0196.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "name": "RHSA-2017:0216",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0216.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-7117"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-10-01.html"
        },
        {
          "name": "RHSA-2017:0086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
        },
        {
          "name": "RHSA-2016:2962",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2962.html"
        },
        {
          "name": "RHSA-2017:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
        },
        {
          "name": "RHSA-2017:0091",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=1003077"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268"
        },
        {
          "name": "RHSA-2017:0031",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0031.html"
        },
        {
          "name": "RHSA-2017:0065",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0065.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
        },
        {
          "name": "93304",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93304"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d"
        },
        {
          "name": "RHSA-2017:0270",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0270.html"
        },
        {
          "name": "RHSA-2017:0217",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
        },
        {
          "name": "RHSA-2017:0036",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d"
        },
        {
          "name": "RHSA-2017:0215",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0215.html"
        },
        {
          "name": "RHSA-2017:0196",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0196.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-7117",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:0216",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0216.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-7117",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-7117"
            },
            {
              "name": "http://source.android.com/security/bulletin/2016-10-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-10-01.html"
            },
            {
              "name": "RHSA-2017:0086",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
            },
            {
              "name": "RHSA-2016:2962",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2962.html"
            },
            {
              "name": "RHSA-2017:0113",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
            },
            {
              "name": "RHSA-2017:0091",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=1003077",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=1003077"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1382268"
            },
            {
              "name": "RHSA-2017:0031",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0031.html"
            },
            {
              "name": "RHSA-2017:0065",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0065.html"
            },
            {
              "name": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html",
              "refsource": "CONFIRM",
              "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7117.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2"
            },
            {
              "name": "93304",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93304"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/34b88a68f26a75e4fded796f1a49c40f82234b7d"
            },
            {
              "name": "RHSA-2017:0270",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0270.html"
            },
            {
              "name": "RHSA-2017:0217",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0217.html"
            },
            {
              "name": "RHSA-2017:0036",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0036.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d"
            },
            {
              "name": "RHSA-2017:0215",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0215.html"
            },
            {
              "name": "RHSA-2017:0196",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0196.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2016-7117",
    "datePublished": "2016-10-10T10:00:00.000Z",
    "dateReserved": "2016-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:50:47.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9191 (GCVE-0-2016-9191)

Vulnerability from cvelistv5 – Published: 2016-11-28 03:01 – Updated: 2024-08-06 02:42

Summary

The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
http://www.openwall.com/lists/oss-security/2016/11/05/4	mailing-listx_refsource_MLIST
https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1392439	x_refsource_CONFIRM
http://www.securityfocus.com/bid/94129	vdb-entryx_refsource_BID
https://github.com/torvalds/linux/commit/93362fa4…	x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3791	vendor-advisoryx_refsource_DEBIAN

Date Public

2016-11-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:11.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/05/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03802en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439"
          },
          {
            "name": "94129",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94129"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939"
          },
          {
            "name": "DSA-3791",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3791"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-09T09:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/05/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03802en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439"
        },
        {
          "name": "94129",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94129"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939"
        },
        {
          "name": "DSA-3791",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3791"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9191",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20161105 Re: CVE request: linux kernel - local DoS with cgroup offline code",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/05/4"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03802en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03802en_us"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93362fa47fe98b62e4a34ab408c4a418432e7939"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1392439"
            },
            {
              "name": "94129",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94129"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/93362fa47fe98b62e4a34ab408c4a418432e7939"
            },
            {
              "name": "DSA-3791",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3791"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9191",
    "datePublished": "2016-11-28T03:01:00.000Z",
    "dateReserved": "2016-11-05T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:42:11.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9588 (GCVE-0-2016-9588)

Vulnerability from cvelistv5 – Published: 2016-12-28 07:42 – Updated: 2024-08-06 02:59

Summary

arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

10 references

URL	Tags
https://github.com/torvalds/linux/commit/ef85b673…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/12/15/3	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2017:2077	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1842	vendor-advisoryx_refsource_REDHAT
https://usn.ubuntu.com/3822-2/	vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2017/dsa-3804	vendor-advisoryx_refsource_DEBIAN
http://www.securityfocus.com/bid/94933	vdb-entryx_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=1404924	x_refsource_CONFIRM
https://usn.ubuntu.com/3822-1/	vendor-advisoryx_refsource_UBUNTU
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM

Date Public

2016-12-15 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:02.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388"
          },
          {
            "name": "[oss-security] 20161215 CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest lead to DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/12/15/3"
          },
          {
            "name": "RHSA-2017:2077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2077"
          },
          {
            "name": "RHSA-2017:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1842"
          },
          {
            "name": "USN-3822-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3822-2/"
          },
          {
            "name": "DSA-3804",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3804"
          },
          {
            "name": "94933",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94933"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
          },
          {
            "name": "USN-3822-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3822-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-12-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-28T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/ef85b67385436ddc1998f45f1d6a210f935b3388"
        },
        {
          "name": "[oss-security] 20161215 CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest lead to DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/12/15/3"
        },
        {
          "name": "RHSA-2017:2077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2077"
        },
        {
          "name": "RHSA-2017:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1842"
        },
        {
          "name": "USN-3822-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3822-2/"
        },
        {
          "name": "DSA-3804",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3804"
        },
        {
          "name": "94933",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94933"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404924"
        },
        {
          "name": "USN-3822-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3822-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef85b67385436ddc1998f45f1d6a210f935b3388"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-9588",
    "datePublished": "2016-12-28T07:42:00.000Z",
    "dateReserved": "2016-11-23T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:59:02.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9604 (GCVE-0-2016-9604)

Vulnerability from cvelistv5 – Published: 2018-07-11 13:00 – Updated: 2024-08-06 02:59

Summary

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

Severity

4.4 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-732

Assigner

redhat

References

8 references

URL	Tags
https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2669	vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
https://bugzilla.novell.com/show_bug.cgi?id=1035576	x_refsource_CONFIRM
http://people.canonical.com/~ubuntu-security/cve/…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/102135	vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2077	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1842	vendor-advisoryx_refsource_REDHAT

Impacted products

1 product

Vendor	Product	Version
kernel	security	Affected: kernel 4.11-rc8

Date Public

2017-04-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.056Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f"
          },
          {
            "name": "RHSA-2017:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2669"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.novell.com/show_bug.cgi?id=1035576"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html"
          },
          {
            "name": "102135",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102135"
          },
          {
            "name": "RHSA-2017:2077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2077"
          },
          {
            "name": "RHSA-2017:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1842"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security",
          "vendor": "kernel",
          "versions": [
            {
              "status": "affected",
              "version": "kernel 4.11-rc8"
            }
          ]
        }
      ],
      "datePublic": "2017-04-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as \u0027.dns_resolver\u0027 in RHEL-7 or \u0027.builtin_trusted_keys\u0027 upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-12T09:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f"
        },
        {
          "name": "RHSA-2017:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2669"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.novell.com/show_bug.cgi?id=1035576"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html"
        },
        {
          "name": "102135",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102135"
        },
        {
          "name": "RHSA-2017:2077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2077"
        },
        {
          "name": "RHSA-2017:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1842"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-9604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "security",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "kernel 4.11-rc8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "kernel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as \u0027.dns_resolver\u0027 in RHEL-7 or \u0027.builtin_trusted_keys\u0027 upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            [
              {
                "vectorString": "1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f"
            },
            {
              "name": "RHSA-2017:2669",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2669"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604"
            },
            {
              "name": "https://bugzilla.novell.com/show_bug.cgi?id=1035576",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=1035576"
            },
            {
              "name": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html",
              "refsource": "CONFIRM",
              "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html"
            },
            {
              "name": "102135",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102135"
            },
            {
              "name": "RHSA-2017:2077",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2077"
            },
            {
              "name": "RHSA-2017:1842",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1842"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-9604",
    "datePublished": "2018-07-11T13:00:00.000Z",
    "dateReserved": "2016-11-23T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:59:03.056Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2017-AVI-162

Solution

CVE-2015-1350 (GCVE-0-2015-1350)

CVE-2016-1004 (GCVE-0-2016-1004)

CVE-2016-1020 (GCVE-0-2016-1020)

CVE-2016-2117 (GCVE-0-2016-2117)

CVE-2016-3070 (GCVE-0-2016-3070)

CVE-2016-5243 (GCVE-0-2016-5243)

CVE-2016-7117 (GCVE-0-2016-7117)

CVE-2016-9191 (GCVE-0-2016-9191)

CVE-2016-9588 (GCVE-0-2016-9588)

CVE-2016-9604 (GCVE-0-2016-9604)

Tags

Sightings

Nomenclature