Vulnerability-Lookup

RHSA-2016:2107

Vulnerability from csaf_redhat - Published: 2016-10-26 10:47 - Updated: 2026-04-11 22:06

Summary

Red Hat Security Advisory: kernel-rt security update

Severity

Important

Notes

Topic: An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important) * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path; As an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important) Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2016-5195

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor Fix For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. https://access.redhat.com/errata/RHSA-2016:2107

Workaround Please see bug 1384344 comment #13 (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13) for details on how to mitigate this issue.

CVE-2016-7039

Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

CVE-2016-8666

A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

References

URL

Category

	https://access.redhat.com/errata/RHSA-2016:2107	self
	https://access.redhat.com/security/updates/classi…	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1375944	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1384344	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2016-5195	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1384344	external
	https://access.redhat.com/security/vulnerabilitie…	external
	https://www.cve.org/CVERecord?id=CVE-2016-5195	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-5195	external
	https://www.cisa.gov/known-exploited-vulnerabilit…	external
	https://access.redhat.com/security/cve/CVE-2016-7039	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1375944	external
	https://www.cve.org/CVERecord?id=CVE-2016-7039	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-7039	external
	https://access.redhat.com/security/cve/CVE-2016-8666	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1384991	external
	https://www.cve.org/CVERecord?id=CVE-2016-8666	external
	https://nvd.nist.gov/vuln/detail/CVE-2016-8666	external

Acknowledgments

Phil Oester

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.5.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A race condition was found in the way the Linux kernel\u0027s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)\n\n* Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path; As an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important)\n\nRed Hat would like to thank Phil Oester for reporting CVE-2016-5195.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2016:2107",
        "url": "https://access.redhat.com/errata/RHSA-2016:2107"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/2706661",
        "url": "https://access.redhat.com/security/vulnerabilities/2706661"
      },
      {
        "category": "external",
        "summary": "1375944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
      },
      {
        "category": "external",
        "summary": "1384344",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384344"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2016/rhsa-2016_2107.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2026-04-11T22:06:32+00:00",
      "generator": {
        "date": "2026-04-11T22:06:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.5"
        }
      },
      "id": "RHSA-2016:2107",
      "initial_release_date": "2016-10-26T10:47:33+00:00",
      "revision_history": [
        {
          "date": "2016-10-26T10:47:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2016-10-26T10:47:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-11T22:06:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                "product": {
                  "name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
                  "product_id": "6Server-MRG-Realtime-2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise MRG for RHEL-6"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
                  "product_id": "kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-327.rt56.198.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
                "product": {
                  "name": "kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
                  "product_id": "kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-firmware@3.10.0-327.rt56.198.el6rt?arch=noarch\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                "product": {
                  "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_id": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.10.0-327.rt56.198.el6rt?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
                "product": {
                  "name": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
                  "product_id": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-327.rt56.198.el6rt?arch=src\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src"
        },
        "product_reference": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch"
        },
        "product_reference": "kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch"
        },
        "product_reference": "kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
          "product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
        },
        "product_reference": "kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
        "relates_to_product_reference": "6Server-MRG-Realtime-2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Phil Oester"
          ]
        }
      ],
      "cve": "CVE-2016-5195",
      "discovery_date": "2016-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384344"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A race condition was found in the way the Linux kernel\u0027s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: mm: privilege escalation via MAP_PRIVATE COW breakage",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG 2.x. This issue has been rated as having Important security impact.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-5195"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384344",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384344"
        },
        {
          "category": "external",
          "summary": "RHSB-DirtyCow",
          "url": "https://access.redhat.com/security/vulnerabilities/DirtyCow"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-5195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5195"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5195",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5195"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2016-10-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-26T10:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2107"
        },
        {
          "category": "workaround",
          "details": "Please see bug 1384344 comment #13 (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13) for details on how to mitigate this issue.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2022-03-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: mm: privilege escalation via MAP_PRIVATE COW breakage"
    },
    {
      "cve": "CVE-2016-7039",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2016-09-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1375944"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-7039"
        },
        {
          "category": "external",
          "summary": "RHBZ#1375944",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-7039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7039",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7039"
        }
      ],
      "release_date": "2016-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-26T10:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2107"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash"
    },
    {
      "cve": "CVE-2016-8666",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2016-10-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1384991"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the way the Linux kernel\u0027s networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Remotely triggerable recursion in GRE code leading to kernel crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
          "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
          "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
          "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-8666"
        },
        {
          "category": "external",
          "summary": "RHBZ#1384991",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-8666",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8666",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8666"
        }
      ],
      "release_date": "2016-10-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2016-10-26T10:47:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2016:2107"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.src",
            "6Server-MRG-Realtime-2:kernel-rt-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt.noarch",
            "6Server-MRG-Realtime-2:kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt.x86_64",
            "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: Remotely triggerable recursion in GRE code leading to kernel crash"
    }
  ]
}

CVE-2016-8666 (GCVE-0-2016-8666)

Vulnerability from cvelistv5 – Published: 2016-10-16 21:00 – Updated: 2024-08-06 02:27

Summary

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.

Severity ?

No CVSS data available.

CWE

Assigner

microfocus

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2016-2107.html	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0372	vendor-advisoryx_refsource_REDHAT
	https://bto.bluecoat.com/security-advisory/sa134	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93562	vdb-entryx_refsource_BID
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2047.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2110.html	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2016/1…	mailing-listx_refsource_MLIST
	https://github.com/torvalds/linux/commit/fac8e0f5…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0004.html	vendor-advisoryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1384991	x_refsource_CONFIRM
	https://bugzilla.suse.com/show_bug.cgi?id=1001486	x_refsource_CONFIRM

Date Public ?

2016-09-27 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:2107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
          },
          {
            "name": "RHSA-2017:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0372"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa134"
          },
          {
            "name": "93562",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93562"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
          },
          {
            "name": "RHSA-2016:2047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
          },
          {
            "name": "RHSA-2016:2110",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
          },
          {
            "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
          },
          {
            "name": "RHSA-2017:0004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:16:08.000Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "RHSA-2016:2107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
        },
        {
          "name": "RHSA-2017:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0372"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa134"
        },
        {
          "name": "93562",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93562"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
        },
        {
          "name": "RHSA-2016:2047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
        },
        {
          "name": "RHSA-2016:2110",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
        },
        {
          "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
        },
        {
          "name": "RHSA-2017:0004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-8666",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:2107",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
            },
            {
              "name": "RHSA-2017:0372",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0372"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa134",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa134"
            },
            {
              "name": "93562",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93562"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"
            },
            {
              "name": "RHSA-2016:2047",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
            },
            {
              "name": "RHSA-2016:2110",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
            },
            {
              "name": "[oss-security] 20161013 CVE Request: another recursion in GRE",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"
            },
            {
              "name": "RHSA-2017:0004",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1001486",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-8666",
    "datePublished": "2016-10-16T21:00:00.000Z",
    "dateReserved": "2016-10-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:27:41.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5195 (GCVE-0-2016-5195)

Vulnerability from cvelistv5 – Published: 2016-11-10 21:00 – Updated: 2025-11-04 16:09

Summary

Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

Chrome

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2016-2107.html	vendor-advisoryx_refsource_REDHAT
	https://www.exploit-db.com/exploits/40616/	exploitx_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2017:0372	vendor-advisoryx_refsource_REDHAT
	https://bto.bluecoat.com/security-advisory/sa134	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/40839/	exploitx_refsource_EXPLOIT-DB
	https://dirtycow.ninja	x_refsource_MISC
	https://www.exploit-db.com/exploits/40847/	exploitx_refsource_EXPLOIT-DB
	http://rhn.redhat.com/errata/RHSA-2016-2118.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2128.html	vendor-advisoryx_refsource_REDHAT
	https://source.android.com/security/bulletin/2016…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2120.html	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2016/10/26/7	mailing-listx_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2016-2133.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2098.html	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/243144	third-party-advisoryx_refsource_CERT-VN
	https://bugzilla.suse.com/show_bug.cgi?id=1004418	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037078	vdb-entryx_refsource_SECTRACK
	https://people.canonical.com/~ubuntu-security/cve…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2016102…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/93793	vdb-entryx_refsource_BID
	http://rhn.redhat.com/errata/RHSA-2016-2127.html	vendor-advisoryx_refsource_REDHAT
	https://security-tracker.debian.org/tracker/CVE-2…	x_refsource_CONFIRM
	https://github.com/dirtycow/dirtycow.github.io/wi…	x_refsource_MISC
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/19be0eaf…	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UAD…	x_refsource_CONFIRM
	https://github.com/dirtycow/dirtycow.github.io/wi…	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1384344	x_refsource_CONFIRM
	https://access.redhat.com/security/vulnerabilitie…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2106.html	vendor-advisoryx_refsource_REDHAT
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
	https://www.exploit-db.com/exploits/40611/	exploitx_refsource_EXPLOIT-DB
	https://access.redhat.com/security/cve/cve-2016-5195	x_refsource_CONFIRM
	https://source.android.com/security/bulletin/2016…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2124.html	vendor-advisoryx_refsource_REDHAT
	http://www.kernel.org/pub/linux/kernel/v4.x/Chang…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2105.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2126.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2132.html	vendor-advisoryx_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2110.html	vendor-advisoryx_refsource_REDHAT
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/1…	mailing-listx_refsource_MLIST
	http://www.ubuntu.com/usn/USN-3106-2	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://packetstormsecurity.com/files/139277/Kerne…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.huawei.com/en/psirt/security-advisorie…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://packetstormsecurity.com/files/142151/Kerne…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3106-3	vendor-advisoryx_refsource_UBUNTU
	https://h20566.www2.hpe.com/hpsc/doc/public/displ…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://www.securityfocus.com/archive/1/archive/1/…	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://tools.cisco.com/security/center/content/C…	vendor-advisoryx_refsource_CISCO
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3105-2	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3107-1	vendor-advisoryx_refsource_UBUNTU
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3107-2	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/archive/1/540344/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3106-1	vendor-advisoryx_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3106-4	vendor-advisoryx_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2016/10/30/1	mailing-listx_refsource_MLIST
	http://packetstormsecurity.com/files/139923/Linux…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3104-2	vendor-advisoryx_refsource_UBUNTU
	http://fortiguard.com/advisory/FG-IR-16-063	x_refsource_CONFIRM
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/archive/1/539611/100…	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/139922/Linux…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/archive/1/archive/1/…	mailing-listx_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/USN-3105-1	vendor-advisoryx_refsource_UBUNTU
	http://packetstormsecurity.com/files/139286/Dirty…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2016/11/03/7	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3696	vendor-advisoryx_refsource_DEBIAN
	http://packetstormsecurity.com/files/139287/Dirty…	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securityfocus.com/archive/1/archive/1/…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/archive/1/…	mailing-listx_refsource_BUGTRAQ
	http://www.ubuntu.com/usn/USN-3104-1	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/archive/1/540736/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/10/21/1	mailing-listx_refsource_MLIST
	http://www.securityfocus.com/archive/1/540252/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://security.paloaltonetworks.com/CVE-2016-5195	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://www.arista.com/en/support/advisories-noti…	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/03/07/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/08/08/2	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/08/08/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/08/08/7	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/08/08/8	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/08/09/4	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2022/08/15/1	mailing-listx_refsource_MLIST

Date Public ?

2016-10-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:09:08.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:2107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
          },
          {
            "name": "40616",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40616/"
          },
          {
            "name": "RHSA-2017:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0372"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa134"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "40839",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40839/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://dirtycow.ninja"
          },
          {
            "name": "40847",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40847/"
          },
          {
            "name": "RHSA-2016:2118",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2118.html"
          },
          {
            "name": "RHSA-2016:2128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2016-12-01.html"
          },
          {
            "name": "RHSA-2016:2120",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2120.html"
          },
          {
            "name": "[oss-security] 20161026 Re: CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/26/7"
          },
          {
            "name": "RHSA-2016:2133",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
          },
          {
            "name": "RHSA-2016:2098",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2098.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03761en_us"
          },
          {
            "name": "VU#243144",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/243144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1004418"
          },
          {
            "name": "1037078",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037078"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03722en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20161025-0001/"
          },
          {
            "name": "93793",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93793"
          },
          {
            "name": "RHSA-2016:2127",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2127.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-5195"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03742en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384344"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/2706661"
          },
          {
            "name": "RHSA-2016:2106",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2106.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
          },
          {
            "name": "40611",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40611/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2016-5195"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
          },
          {
            "name": "RHSA-2016:2124",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3"
          },
          {
            "name": "RHSA-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2105.html"
          },
          {
            "name": "RHSA-2016:2126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2126.html"
          },
          {
            "name": "RHSA-2016:2132",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2132.html"
          },
          {
            "name": "RHSA-2016:2110",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03707en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10176"
          },
          {
            "name": "SUSE-SU-2016:2635",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html"
          },
          {
            "name": "SUSE-SU-2016:2659",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html"
          },
          {
            "name": "[oss-security] 20161027 CVE-2016-5195 test case",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/27/13"
          },
          {
            "name": "USN-3106-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3106-2"
          },
          {
            "name": "openSUSE-SU-2016:2583",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html"
          },
          {
            "name": "SUSE-SU-2016:2633",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en"
          },
          {
            "name": "SUSE-SU-2016:2638",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html"
          },
          {
            "name": "openSUSE-SU-2016:2584",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html"
          },
          {
            "name": "SUSE-SU-2016:2658",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html"
          },
          {
            "name": "SUSE-SU-2016:2631",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html"
          },
          {
            "name": "USN-3106-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3106-3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05352241"
          },
          {
            "name": "SUSE-SU-2016:2655",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html"
          },
          {
            "name": "FEDORA-2016-c3558808cd",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/"
          },
          {
            "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2016:2637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html"
          },
          {
            "name": "SUSE-SU-2016:2596",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html"
          },
          {
            "name": "SUSE-SU-2016:2634",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html"
          },
          {
            "name": "20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd"
          },
          {
            "name": "20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10770"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10177"
          },
          {
            "name": "SUSE-SU-2016:2657",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html"
          },
          {
            "name": "SUSE-SU-2016:2614",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html"
          },
          {
            "name": "USN-3105-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3105-2"
          },
          {
            "name": "USN-3107-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3107-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774"
          },
          {
            "name": "USN-3107-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3107-2"
          },
          {
            "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540344/100/0/threaded"
          },
          {
            "name": "openSUSE-SU-2016:2625",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html"
          },
          {
            "name": "USN-3106-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3106-1"
          },
          {
            "name": "USN-3106-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3106-4"
          },
          {
            "name": "[oss-security] 20161030 Re: CVE-2016-5195 test case",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/30/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html"
          },
          {
            "name": "SUSE-SU-2016:2673",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html"
          },
          {
            "name": "USN-3104-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3104-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/FG-IR-16-063"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10807"
          },
          {
            "name": "SUSE-SU-2016:2629",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html"
          },
          {
            "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/539611/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html"
          },
          {
            "name": "SUSE-SU-2016:2632",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html"
          },
          {
            "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded"
          },
          {
            "name": "USN-3105-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3105-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html"
          },
          {
            "name": "SUSE-SU-2016:2630",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html"
          },
          {
            "name": "FEDORA-2016-db4b75b352",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/"
          },
          {
            "name": "FEDORA-2016-c8a0c7eece",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/"
          },
          {
            "name": "[oss-security] 20161103 Re: CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/03/7"
          },
          {
            "name": "SUSE-SU-2016:2636",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html"
          },
          {
            "name": "SUSE-SU-2016:3069",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10222"
          },
          {
            "name": "DSA-3696",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3696"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html"
          },
          {
            "name": "SUSE-SU-2016:2592",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html"
          },
          {
            "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded"
          },
          {
            "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded"
          },
          {
            "name": "USN-3104-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3104-1"
          },
          {
            "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540736/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2016:2593",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html"
          },
          {
            "name": "SUSE-SU-2016:3304",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html"
          },
          {
            "name": "[oss-security] 20161021 CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/21/1"
          },
          {
            "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/540252/100/0/threaded"
          },
          {
            "name": "SUSE-SU-2016:2585",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html"
          },
          {
            "name": "openSUSE-SU-2016:2649",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2016-5195"
          },
          {
            "name": "openSUSE-SU-2020:0554",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026"
          },
          {
            "name": "[oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/07/1"
          },
          {
            "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/08/08/2"
          },
          {
            "name": "[oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/08/08/1"
          },
          {
            "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/08/08/7"
          },
          {
            "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/08/08/8"
          },
          {
            "name": "[oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/08/09/4"
          },
          {
            "name": "[oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/08/15/1"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2024/Aug/35"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2016-5195",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:18:38.253279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-03-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:55:48.198Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-5195"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-03-03T00:00:00.000Z",
            "value": "CVE-2016-5195 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-15T11:06:10.000Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "name": "RHSA-2016:2107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
        },
        {
          "name": "40616",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40616/"
        },
        {
          "name": "RHSA-2017:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0372"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa134"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "name": "40839",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40839/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://dirtycow.ninja"
        },
        {
          "name": "40847",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40847/"
        },
        {
          "name": "RHSA-2016:2118",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2118.html"
        },
        {
          "name": "RHSA-2016:2128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2016-12-01.html"
        },
        {
          "name": "RHSA-2016:2120",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2120.html"
        },
        {
          "name": "[oss-security] 20161026 Re: CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/26/7"
        },
        {
          "name": "RHSA-2016:2133",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
        },
        {
          "name": "RHSA-2016:2098",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2098.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03761en_us"
        },
        {
          "name": "VU#243144",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/243144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1004418"
        },
        {
          "name": "1037078",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037078"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03722en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20161025-0001/"
        },
        {
          "name": "93793",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93793"
        },
        {
          "name": "RHSA-2016:2127",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2127.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-5195"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03742en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384344"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/2706661"
        },
        {
          "name": "RHSA-2016:2106",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2106.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
        },
        {
          "name": "40611",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40611/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/cve/cve-2016-5195"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2016-11-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
        },
        {
          "name": "RHSA-2016:2124",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3"
        },
        {
          "name": "RHSA-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2105.html"
        },
        {
          "name": "RHSA-2016:2126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2126.html"
        },
        {
          "name": "RHSA-2016:2132",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2132.html"
        },
        {
          "name": "RHSA-2016:2110",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03707en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10176"
        },
        {
          "name": "SUSE-SU-2016:2635",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html"
        },
        {
          "name": "SUSE-SU-2016:2659",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html"
        },
        {
          "name": "[oss-security] 20161027 CVE-2016-5195 test case",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/27/13"
        },
        {
          "name": "USN-3106-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3106-2"
        },
        {
          "name": "openSUSE-SU-2016:2583",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html"
        },
        {
          "name": "SUSE-SU-2016:2633",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en"
        },
        {
          "name": "SUSE-SU-2016:2638",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html"
        },
        {
          "name": "openSUSE-SU-2016:2584",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html"
        },
        {
          "name": "SUSE-SU-2016:2658",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html"
        },
        {
          "name": "SUSE-SU-2016:2631",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html"
        },
        {
          "name": "USN-3106-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3106-3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05352241"
        },
        {
          "name": "SUSE-SU-2016:2655",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html"
        },
        {
          "name": "FEDORA-2016-c3558808cd",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/"
        },
        {
          "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2016:2637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html"
        },
        {
          "name": "SUSE-SU-2016:2596",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html"
        },
        {
          "name": "SUSE-SU-2016:2634",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html"
        },
        {
          "name": "20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd"
        },
        {
          "name": "20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10770"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10177"
        },
        {
          "name": "SUSE-SU-2016:2657",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html"
        },
        {
          "name": "SUSE-SU-2016:2614",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html"
        },
        {
          "name": "USN-3105-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3105-2"
        },
        {
          "name": "USN-3107-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3107-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774"
        },
        {
          "name": "USN-3107-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3107-2"
        },
        {
          "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540344/100/0/threaded"
        },
        {
          "name": "openSUSE-SU-2016:2625",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html"
        },
        {
          "name": "USN-3106-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3106-1"
        },
        {
          "name": "USN-3106-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3106-4"
        },
        {
          "name": "[oss-security] 20161030 Re: CVE-2016-5195 test case",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/30/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html"
        },
        {
          "name": "SUSE-SU-2016:2673",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html"
        },
        {
          "name": "USN-3104-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3104-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://fortiguard.com/advisory/FG-IR-16-063"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10807"
        },
        {
          "name": "SUSE-SU-2016:2629",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html"
        },
        {
          "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/539611/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html"
        },
        {
          "name": "SUSE-SU-2016:2632",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html"
        },
        {
          "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded"
        },
        {
          "name": "USN-3105-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3105-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html"
        },
        {
          "name": "SUSE-SU-2016:2630",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html"
        },
        {
          "name": "FEDORA-2016-db4b75b352",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/"
        },
        {
          "name": "FEDORA-2016-c8a0c7eece",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/"
        },
        {
          "name": "[oss-security] 20161103 Re: CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/03/7"
        },
        {
          "name": "SUSE-SU-2016:2636",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html"
        },
        {
          "name": "SUSE-SU-2016:3069",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10222"
        },
        {
          "name": "DSA-3696",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3696"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html"
        },
        {
          "name": "SUSE-SU-2016:2592",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html"
        },
        {
          "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded"
        },
        {
          "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded"
        },
        {
          "name": "USN-3104-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3104-1"
        },
        {
          "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540736/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2016:2593",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html"
        },
        {
          "name": "SUSE-SU-2016:3304",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html"
        },
        {
          "name": "[oss-security] 20161021 CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/21/1"
        },
        {
          "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/540252/100/0/threaded"
        },
        {
          "name": "SUSE-SU-2016:2585",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html"
        },
        {
          "name": "openSUSE-SU-2016:2649",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2016-5195"
        },
        {
          "name": "openSUSE-SU-2020:0554",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026"
        },
        {
          "name": "[oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/07/1"
        },
        {
          "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/08/08/2"
        },
        {
          "name": "[oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/08/08/1"
        },
        {
          "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/08/08/7"
        },
        {
          "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/08/08/8"
        },
        {
          "name": "[oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/08/09/4"
        },
        {
          "name": "[oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/08/15/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "chrome-cve-admin@google.com",
          "ID": "CVE-2016-5195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:2107",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
            },
            {
              "name": "40616",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40616/"
            },
            {
              "name": "RHSA-2017:0372",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0372"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa134",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa134"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05352241"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "40839",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40839/"
            },
            {
              "name": "https://dirtycow.ninja",
              "refsource": "MISC",
              "url": "https://dirtycow.ninja"
            },
            {
              "name": "40847",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40847/"
            },
            {
              "name": "RHSA-2016:2118",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2118.html"
            },
            {
              "name": "RHSA-2016:2128",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
            },
            {
              "name": "https://source.android.com/security/bulletin/2016-12-01.html",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/2016-12-01.html"
            },
            {
              "name": "RHSA-2016:2120",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2120.html"
            },
            {
              "name": "[oss-security] 20161026 Re: CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/26/7"
            },
            {
              "name": "RHSA-2016:2133",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
            },
            {
              "name": "RHSA-2016:2098",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2098.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03761en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03761en_us"
            },
            {
              "name": "VU#243144",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/243144"
            },
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1004418",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1004418"
            },
            {
              "name": "1037078",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037078"
            },
            {
              "name": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html",
              "refsource": "CONFIRM",
              "url": "https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03722en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03722en_us"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20161025-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20161025-0001/"
            },
            {
              "name": "93793",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93793"
            },
            {
              "name": "RHSA-2016:2127",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2127.html"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-5195",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-5195"
            },
            {
              "name": "https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs",
              "refsource": "MISC",
              "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03742en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03742en_us"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
            },
            {
              "name": "https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails",
              "refsource": "MISC",
              "url": "https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384344",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384344"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/2706661",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/vulnerabilities/2706661"
            },
            {
              "name": "RHSA-2016:2106",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2106.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619"
            },
            {
              "name": "40611",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40611/"
            },
            {
              "name": "https://access.redhat.com/security/cve/cve-2016-5195",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/cve/cve-2016-5195"
            },
            {
              "name": "https://source.android.com/security/bulletin/2016-11-01.html",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/2016-11-01.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541"
            },
            {
              "name": "RHSA-2016:2124",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.3"
            },
            {
              "name": "RHSA-2016:2105",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2105.html"
            },
            {
              "name": "RHSA-2016:2126",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2126.html"
            },
            {
              "name": "RHSA-2016:2132",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2132.html"
            },
            {
              "name": "RHSA-2016:2110",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03707en_us",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbgn03707en_us"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05341463"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10176",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10176"
            },
            {
              "name": "SUSE-SU-2016:2635",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00055.html"
            },
            {
              "name": "SUSE-SU-2016:2659",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00067.html"
            },
            {
              "name": "[oss-security] 20161027 CVE-2016-5195 test case",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/27/13"
            },
            {
              "name": "USN-3106-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3106-2"
            },
            {
              "name": "openSUSE-SU-2016:2583",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00034.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/139277/Kernel-Live-Patch-Security-Notice-LSN-0012-1.html"
            },
            {
              "name": "SUSE-SU-2016:2633",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00053.html"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161207-01-dirtycow-en"
            },
            {
              "name": "SUSE-SU-2016:2638",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00058.html"
            },
            {
              "name": "openSUSE-SU-2016:2584",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00035.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/142151/Kernel-Live-Patch-Security-Notice-LSN-0021-1.html"
            },
            {
              "name": "SUSE-SU-2016:2658",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00066.html"
            },
            {
              "name": "SUSE-SU-2016:2631",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00051.html"
            },
            {
              "name": "USN-3106-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3106-3"
            },
            {
              "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05352241",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05352241"
            },
            {
              "name": "SUSE-SU-2016:2655",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00064.html"
            },
            {
              "name": "FEDORA-2016-c3558808cd",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3APRVDVPDBXLH4DC5UKZVCR742MJIM3/"
            },
            {
              "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540736/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:2637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00057.html"
            },
            {
              "name": "SUSE-SU-2016:2596",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00040.html"
            },
            {
              "name": "SUSE-SU-2016:2634",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00054.html"
            },
            {
              "name": "20181107 Cisco TelePresence Video Communication Server Test Validation Script Issue",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vcsd"
            },
            {
              "name": "20161026 Vulnerability in Linux Kernel Affecting Cisco Products: October 2016",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10770",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10770"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10177",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10177"
            },
            {
              "name": "SUSE-SU-2016:2657",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00065.html"
            },
            {
              "name": "SUSE-SU-2016:2614",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00045.html"
            },
            {
              "name": "USN-3105-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3105-2"
            },
            {
              "name": "USN-3107-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3107-1"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10774"
            },
            {
              "name": "USN-3107-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3107-2"
            },
            {
              "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540344/100/0/threaded"
            },
            {
              "name": "openSUSE-SU-2016:2625",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00048.html"
            },
            {
              "name": "USN-3106-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3106-1"
            },
            {
              "name": "USN-3106-4",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3106-4"
            },
            {
              "name": "[oss-security] 20161030 Re: CVE-2016-5195 test case",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/30/1"
            },
            {
              "name": "http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/139923/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html"
            },
            {
              "name": "SUSE-SU-2016:2673",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00072.html"
            },
            {
              "name": "USN-3104-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3104-2"
            },
            {
              "name": "http://fortiguard.com/advisory/FG-IR-16-063",
              "refsource": "CONFIRM",
              "url": "http://fortiguard.com/advisory/FG-IR-16-063"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10807",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10807"
            },
            {
              "name": "SUSE-SU-2016:2629",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00049.html"
            },
            {
              "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/539611/100/0/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/139922/Linux-Kernel-Dirty-COW-PTRACE_POKEDATA-Privilege-Escalation.html"
            },
            {
              "name": "SUSE-SU-2016:2632",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00052.html"
            },
            {
              "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540252/100/0/threaded"
            },
            {
              "name": "USN-3105-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3105-1"
            },
            {
              "name": "http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/139286/DirtyCow-Linux-Kernel-Race-Condition.html"
            },
            {
              "name": "SUSE-SU-2016:2630",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00050.html"
            },
            {
              "name": "FEDORA-2016-db4b75b352",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E7M62SRP6CZLJ4ZXCRZKV4WPLQBSR7DT/"
            },
            {
              "name": "FEDORA-2016-c8a0c7eece",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWMDLBWMGZKFHMRJ7QUQVCERP5QHDB6W/"
            },
            {
              "name": "[oss-security] 20161103 Re: CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/03/7"
            },
            {
              "name": "SUSE-SU-2016:2636",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00056.html"
            },
            {
              "name": "SUSE-SU-2016:3069",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00033.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10222",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10222"
            },
            {
              "name": "DSA-3696",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3696"
            },
            {
              "name": "http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/139287/DirtyCow-Local-Root-Proof-Of-Concept.html"
            },
            {
              "name": "SUSE-SU-2016:2592",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00038.html"
            },
            {
              "name": "20170331 [security bulletin] HPESBGN03722 rev.1 - HPE Operations Agent, Local Escalation of Privilege",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/540344/100/0/threaded"
            },
            {
              "name": "20161020 [CVE-2016-5195] \"Dirty COW\" Linux privilege escalation vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/archive/1/539611/100/0/threaded"
            },
            {
              "name": "USN-3104-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3104-1"
            },
            {
              "name": "20170615 [security bulletin] HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540736/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:2593",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00039.html"
            },
            {
              "name": "SUSE-SU-2016:3304",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00100.html"
            },
            {
              "name": "[oss-security] 20161021 CVE-2016-5195 \"Dirty COW\" Linux kernel privilege escalation vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/21/1"
            },
            {
              "name": "20170310 [security bulletin] HPESBGN03707 rev.1 - HPE ConvergedSystem 700 2.0 VMware Kit, Remote Increase of Privilege",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/540252/100/0/threaded"
            },
            {
              "name": "SUSE-SU-2016:2585",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00036.html"
            },
            {
              "name": "openSUSE-SU-2016:2649",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00063.html"
            },
            {
              "name": "https://security.paloaltonetworks.com/CVE-2016-5195",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2016-5195"
            },
            {
              "name": "openSUSE-SU-2020:0554",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1753-security-advisory-0026"
            },
            {
              "name": "[oss-security] 20220307 CVE-2022-0847: Linux kernel: overwriting read-only files",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/07/1"
            },
            {
              "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/08/08/2"
            },
            {
              "name": "[oss-security] 20220808 CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/08/08/1"
            },
            {
              "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/08/08/7"
            },
            {
              "name": "[oss-security] 20220808 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/08/08/8"
            },
            {
              "name": "[oss-security] 20220809 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/08/09/4"
            },
            {
              "name": "[oss-security] 20220815 Re: CVE-2022-2590: Linux kernel: Modifying shmem/tmpfs files without write permissions",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/08/15/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2016-5195",
    "datePublished": "2016-11-10T21:00:00.000Z",
    "dateReserved": "2016-05-31T00:00:00.000Z",
    "dateUpdated": "2025-11-04T16:09:08.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2016-7039 (GCVE-0-2016-7039)

Vulnerability from cvelistv5 – Published: 2016-10-16 21:00 – Updated: 2024-08-06 01:50

Summary

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2016-2107.html	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:0372	vendor-advisoryx_refsource_REDHAT
	https://bto.bluecoat.com/security-advisory/sa134	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/1…	mailing-listx_refsource_MLIST
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1375944	x_refsource_CONFIRM
	https://patchwork.ozlabs.org/patch/680412/	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2047.html	vendor-advisoryx_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2110.html	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/93476	vdb-entryx_refsource_BID

Date Public ?

2016-10-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:46.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2016:2107",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
          },
          {
            "name": "RHSA-2017:0372",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0372"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa134"
          },
          {
            "name": "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/10/15"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/680412/"
          },
          {
            "name": "RHSA-2016:2047",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "RHSA-2016:2110",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
          },
          {
            "name": "93476",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93476"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2016:2107",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
        },
        {
          "name": "RHSA-2017:0372",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0372"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa134"
        },
        {
          "name": "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/10/15"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://patchwork.ozlabs.org/patch/680412/"
        },
        {
          "name": "RHSA-2016:2047",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "RHSA-2016:2110",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
        },
        {
          "name": "93476",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93476"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2016:2107",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"
            },
            {
              "name": "RHSA-2017:0372",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0372"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa134",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa134"
            },
            {
              "name": "[oss-security] 20161010 CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/10/15"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375944"
            },
            {
              "name": "https://patchwork.ozlabs.org/patch/680412/",
              "refsource": "CONFIRM",
              "url": "https://patchwork.ozlabs.org/patch/680412/"
            },
            {
              "name": "RHSA-2016:2047",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "RHSA-2016:2110",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"
            },
            {
              "name": "93476",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93476"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7039",
    "datePublished": "2016-10-16T21:00:00.000Z",
    "dateReserved": "2016-08-23T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:50:46.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2016:2107

CVE-2016-8666 (GCVE-0-2016-8666)

CVE-2016-5195 (GCVE-0-2016-5195)

CVE-2016-7039 (GCVE-0-2016-7039)

Tags

Sightings

Nomenclature