csaf_certbund - wid-sec-w-2024-0147

wid-sec-w-2024-0147

Vulnerability from csaf_certbund

Published

2016-05-12 22:00

Modified

2024-01-17 23:00

Summary

Linux Kernel: Schwachstelle ermöglicht Offenlegung von Informationen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Linux Kernel ausnutzen, um Informationen offenzulegen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Linux Kernel ausnutzen, um Informationen offenzulegen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0147 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2024-0147.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0147 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0147"
      },
      {
        "category": "external",
        "summary": "Meldung auf der OSS-Security Mailing Liste vom 2016-05-12",
        "url": "http://www.openwall.com/lists/oss-security/2016/05/11/4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3021-2 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3021-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3021-1 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3021-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3016-3 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3016-3/"
      },
      {
        "category": "external",
        "summary": "vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3020-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3019-1 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3019-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3018-2 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3018-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3018-1 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3018-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3016-1 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3016-4/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3017-1 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3017-3/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3017-2 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3017-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3017-1 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3017-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3016-2 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3016-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3016-1 vom 2016-06-28",
        "url": "http://www.ubuntu.com/usn/usn-3016-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:1690-1 vom 2016-06-27",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
      },
      {
        "category": "external",
        "summary": "XEN Security Advisory XSA-171 vom 2016-06-28",
        "url": "https://www.debian.org/security/2016/dsa-3607"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:1937-1 vom 2016-08-02",
        "url": "https://www.suse.com/de-de/support/update/announcement/2016/suse-su-20161937-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:1985-1 vom 2016-08-08",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2016:2105-1 vom 2016-09-03",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162105-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:2584-1 vom 2016-11-03",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-2584.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2016:2574-1 vom 2016-11-03",
        "url": "https://rhn.redhat.com/errata/RHSA-2016-2574.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2016-2574 vom 2016-11-09",
        "url": "http://linux.oracle.com/errata/ELSA-2016-2574.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2016-3646 vom 2016-11-21",
        "url": "http://linux.oracle.com/errata/ELSA-2016-3646.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2016-3645 vom 2016-11-21",
        "url": "http://linux.oracle.com/errata/ELSA-2016-3645.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2016-3644 vom 2016-11-21",
        "url": "http://linux.oracle.com/errata/ELSA-2016-3644.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0333-1 vom 2017-01-31",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170333-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3020-1 vom 2024-01-17",
        "url": "https://tanzu.vmware.com/security/usn-3020-1"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
    "tracking": {
      "current_release_date": "2024-01-17T23:00:00.000+00:00",
      "generator": {
        "date": "2024-02-15T17:57:15.087+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0147",
      "initial_release_date": "2016-05-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2016-05-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2016-05-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-06-27T22:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2016-06-27T22:00:00.000+00:00",
          "number": "4",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-06-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2016-06-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-02T22:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2016-08-02T22:00:00.000+00:00",
          "number": "8",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-08-08T22:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2016-09-04T22:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-03T23:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-03T23:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-03T23:00:00.000+00:00",
          "number": "13",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-09T23:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2016-11-09T23:00:00.000+00:00",
          "number": "15",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2016-11-20T23:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2017-01-30T23:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2024-01-17T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        }
      ],
      "status": "final",
      "version": "18"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T006656",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-4578",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel. Die Schwachstelle beruht auf einer fehlerhaften Initialisierung von Padding Variablen. In der Folge kann ein Angreifer diese Schwachstelle ausnutzen und Daten einsehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T006656",
          "67646",
          "T000126",
          "T004914"
        ]
      },
      "release_date": "2016-05-12T22:00:00Z",
      "title": "CVE-2016-4578"
    }
  ]
}

cve-2016-4578

Vulnerability from cvelistv5

Published

2016-05-23 10:00

Modified

2024-08-06 00:32

Severity

Summary

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.

References

URL	Tags
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3017-1	vendor-advisory, x_refsource_UBUNTU
https://www.exploit-db.com/exploits/46529/	exploit, x_refsource_EXPLOIT-DB
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3017-3	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3018-2	vendor-advisory, x_refsource_UBUNTU
https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3021-2	vendor-advisory, x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3017-2	vendor-advisory, x_refsource_UBUNTU
https://bugzilla.redhat.com/show_bug.cgi?id=1335215	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2584.html	vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-2574.html	vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3019-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/90535	vdb-entry, x_refsource_BID
http://www.ubuntu.com/usn/USN-3016-2	vendor-advisory, x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3016-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3021-1	vendor-advisory, x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3018-1	vendor-advisory, x_refsource_UBUNTU
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/05/11/5	mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
http://www.ubuntu.com/usn/USN-3016-3	vendor-advisory, x_refsource_UBUNTU
https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3016-4	vendor-advisory, x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3020-1	vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website