ID CVE-2016-7118
Summary fs/fcntl.c in the "aufs 3.2.x+setfl-debian" patch in the linux-image package 3.2.0-4 (kernel 3.2.81-1) in Debian wheezy mishandles F_SETFL fcntl calls on directories, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via standard filesystem operations, as demonstrated by scp from an AUFS filesystem.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 4.9 (as of 28-11-2016 - 20:37)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:C
refmap via4
bid 92697
mlist
  • [oss-security] 20160831 CVE request: Kernel Oops when issuing fcntl on an AUFS directory
  • [oss-security] 20160831 Re: CVE request: Kernel Oops when issuing fcntl on an AUFS directory
Last major update 28-11-2016 - 20:37
Published 31-08-2016 - 14:59
Last modified 28-11-2016 - 20:37