certfr_avis - certfr-2016-avi-426

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 12.04 LTS
Ubuntu	Ubuntu	Ubuntu 16.10
Ubuntu	Ubuntu	Ubuntu 14.04 LTS

CVE-2016-8645 (GCVE-0-2016-8645)

Vulnerability from cvelistv5

Published

2016-11-28 03:01

Modified

2024-08-06 02:27

Severity ?

CWE

n/a

Summary

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/11/30/3	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2017:2669	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1393904	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94264	vdb-entry, x_refsource_BID
	http://www.securitytracker.com/id/1037285	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2017:2077	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1842	vendor-advisory, x_refsource_REDHAT
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/11/11/3	mailing-list, x_refsource_MLIST
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20161130 Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/30/3"
          },
          {
            "name": "RHSA-2017:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2669"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904"
          },
          {
            "name": "94264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94264"
          },
          {
            "name": "1037285",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037285"
          },
          {
            "name": "RHSA-2017:2077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2077"
          },
          {
            "name": "RHSA-2017:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1842"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10"
          },
          {
            "name": "[oss-security] 20161111 CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/11/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20161130 Re: CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/30/3"
        },
        {
          "name": "RHSA-2017:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2669"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393904"
        },
        {
          "name": "94264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94264"
        },
        {
          "name": "1037285",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037285"
        },
        {
          "name": "RHSA-2017:2077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2077"
        },
        {
          "name": "RHSA-2017:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1842"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10"
        },
        {
          "name": "[oss-security] 20161111 CVE-2016-8645: linux kernel: net: a BUG() statement can be hit in net/ipv4/tcp_input.c",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/11/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8645",
    "datePublished": "2016-11-28T03:01:00",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7097 (GCVE-0-2016-7097)

Vulnerability from cvelistv5

Published

2016-10-16 21:00

Modified

2024-08-06 01:50

Severity ?

CWE

n/a

Summary

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-3146-2	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3146-1	vendor-advisory, x_refsource_UBUNTU
	https://source.android.com/security/bulletin/2017-04-01	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/92659	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2017:2669	vendor-advisory, x_refsource_REDHAT
	http://www.spinics.net/lists/linux-fsdevel/msg98328.html	mailing-list, x_refsource_MLIST
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/08/26/3	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2017-0817.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3147-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1368938	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:2077	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1842	vendor-advisory, x_refsource_REDHAT
	http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1038201	vdb-entry, x_refsource_SECTRACK
	https://support.f5.com/csp/article/K31603170?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3146-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-2"
          },
          {
            "name": "USN-3146-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-04-01"
          },
          {
            "name": "92659",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92659"
          },
          {
            "name": "RHSA-2017:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2669"
          },
          {
            "name": "[linux-fsdevel] 20160526 [PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.spinics.net/lists/linux-fsdevel/msg98328.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"
          },
          {
            "name": "[oss-security] 20160826 Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn\u0027t clear the setgid bit",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/08/26/3"
          },
          {
            "name": "RHSA-2017:0817",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
          },
          {
            "name": "USN-3147-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3147-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef"
          },
          {
            "name": "RHSA-2017:2077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2077"
          },
          {
            "name": "RHSA-2017:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1842"
          },
          {
            "name": "[linux-fsdevel] 20160819 [PATCH v2] posix_acl: Clear SGID bit when setting file permissions",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-fsdevel\u0026m=147162313630259\u0026w=2"
          },
          {
            "name": "1038201",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038201"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K31603170?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-09T19:07:27",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-3146-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-2"
        },
        {
          "name": "USN-3146-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2017-04-01"
        },
        {
          "name": "92659",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92659"
        },
        {
          "name": "RHSA-2017:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2669"
        },
        {
          "name": "[linux-fsdevel] 20160526 [PATCH 2/2] posix_acl: Clear SGID bit when modifying file permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.spinics.net/lists/linux-fsdevel/msg98328.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"
        },
        {
          "name": "[oss-security] 20160826 Re: CVE request -- linux kernel: Setting a POSIX ACL via setxattr doesn\u0027t clear the setgid bit",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/08/26/3"
        },
        {
          "name": "RHSA-2017:0817",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
        },
        {
          "name": "USN-3147-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3147-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368938"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/073931017b49d9458aa351605b43a7e34598caef"
        },
        {
          "name": "RHSA-2017:2077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2077"
        },
        {
          "name": "RHSA-2017:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1842"
        },
        {
          "name": "[linux-fsdevel] 20160819 [PATCH v2] posix_acl: Clear SGID bit when setting file permissions",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-fsdevel\u0026m=147162313630259\u0026w=2"
        },
        {
          "name": "1038201",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038201"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K31603170?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-7097",
    "datePublished": "2016-10-16T21:00:00",
    "dateReserved": "2016-08-26T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8630 (GCVE-0-2016-8630)

Vulnerability from cvelistv5

Published

2016-11-28 03:01

Modified

2024-08-06 02:27

Severity ?

CWE

n/a

Summary

The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.

References

URL

Tags

	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94459	vdb-entry, x_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=1393350	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0387.html	vendor-advisory, x_refsource_REDHAT
	https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/11/22/3	mailing-list, x_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2017-0386.html	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
          },
          {
            "name": "94459",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94459"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350"
          },
          {
            "name": "RHSA-2017:0387",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e"
          },
          {
            "name": "[oss-security] 20161122 CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference duringinstruction decode",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/22/3"
          },
          {
            "name": "RHSA-2017:0386",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
        },
        {
          "name": "94459",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94459"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1393350"
        },
        {
          "name": "RHSA-2017:0387",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0387.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e"
        },
        {
          "name": "[oss-security] 20161122 CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference duringinstruction decode",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/22/3"
        },
        {
          "name": "RHSA-2017:0386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0386.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8630",
    "datePublished": "2016-11-28T03:01:00",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-6213 (GCVE-0-2016-6213)

Vulnerability from cvelistv5

Published

2016-12-28 07:42

Modified

2024-08-06 01:22

Severity ?

CWE

n/a

Summary

fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/07/13/8	mailing-list, x_refsource_MLIST
	https://github.com/torvalds/linux/commit/d29216842a85c7970c536108e093963f02714498	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91754	vdb-entry, x_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=1356471	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2017:2077	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1842	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.659Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160713 Re: cve request: local DoS by overflowing kernel mount table using shared bind mount",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/13/8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/d29216842a85c7970c536108e093963f02714498"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498"
          },
          {
            "name": "91754",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91754"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356471"
          },
          {
            "name": "RHSA-2017:2077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2077"
          },
          {
            "name": "RHSA-2017:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1842"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160713 Re: cve request: local DoS by overflowing kernel mount table using shared bind mount",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/13/8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/d29216842a85c7970c536108e093963f02714498"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498"
        },
        {
          "name": "91754",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91754"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356471"
        },
        {
          "name": "RHSA-2017:2077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2077"
        },
        {
          "name": "RHSA-2017:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1842"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160713 Re: cve request: local DoS by overflowing kernel mount table using shared bind mount",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/07/13/8"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/d29216842a85c7970c536108e093963f02714498",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/d29216842a85c7970c536108e093963f02714498"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d29216842a85c7970c536108e093963f02714498"
            },
            {
              "name": "91754",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91754"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1356471",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1356471"
            },
            {
              "name": "RHSA-2017:2077",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2077"
            },
            {
              "name": "RHSA-2017:1842",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1842"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6213",
    "datePublished": "2016-12-28T07:42:00",
    "dateReserved": "2016-07-13T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4568 (GCVE-0-2016-4568)

Vulnerability from cvelistv5

Published

2016-05-23 10:00

Modified

2024-08-06 00:32

Severity ?

CWE

n/a

Summary

drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.

References

URL

Tags

	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/05/07/4	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1334316	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:32:25.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
          },
          {
            "name": "[oss-security] 20160507 CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/05/07/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-05-23T02:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
        },
        {
          "name": "[oss-security] 20160507 CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/05/07/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2016-4568",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
            },
            {
              "name": "[oss-security] 20160507 CVE Request: Linux: [media] videobuf2-v4l2: Verify planes array in buffer dequeueing",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/05/07/4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1334316",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334316"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2016-4568",
    "datePublished": "2016-05-23T10:00:00",
    "dateReserved": "2016-05-07T00:00:00",
    "dateUpdated": "2024-08-06T00:32:25.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8658 (GCVE-0-2016-8658)

Vulnerability from cvelistv5

Published

2016-10-16 21:00

Modified

2024-08-06 02:27

Severity ?

CWE

n/a

Summary

Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-3146-2	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3146-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3145-1	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/10/13/1	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1384403	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3145-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/93541	vdb-entry, x_refsource_BID
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3146-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"
          },
          {
            "name": "USN-3146-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-1"
          },
          {
            "name": "USN-3145-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3145-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"
          },
          {
            "name": "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"
          },
          {
            "name": "USN-3145-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3145-2"
          },
          {
            "name": "93541",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93541"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3146-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"
        },
        {
          "name": "USN-3146-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-1"
        },
        {
          "name": "USN-3145-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3145-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"
        },
        {
          "name": "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"
        },
        {
          "name": "USN-3145-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3145-2"
        },
        {
          "name": "93541",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93541"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-8658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3146-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3146-2"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42c"
            },
            {
              "name": "USN-3146-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3146-1"
            },
            {
              "name": "USN-3145-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3145-1"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded89912156b1a47d940a0c954c43afbabd0c42c"
            },
            {
              "name": "[oss-security] 20161013 Re: CVE Request -- Broadcom Wifi Driver Brcmfmac brcmf_cfg80211_start_ap Buffer Overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/13/1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384403"
            },
            {
              "name": "USN-3145-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3145-2"
            },
            {
              "name": "93541",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93541"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-8658",
    "datePublished": "2016-10-16T21:00:00",
    "dateReserved": "2016-10-13T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-8633 (GCVE-0-2016-8633)

Vulnerability from cvelistv5

Published

2016-11-28 03:01

Modified

2024-08-06 02:27

Severity ?

CWE

n/a

Summary

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.

References

URL

Tags

	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94149	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2018:1062	vendor-advisory, x_refsource_REDHAT
	https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:0676	vendor-advisory, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=1391490	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/11/06/1	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:1170	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1190	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.221Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
          },
          {
            "name": "94149",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94149"
          },
          {
            "name": "RHSA-2018:1062",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/"
          },
          {
            "name": "RHSA-2018:0676",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0676"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac"
          },
          {
            "name": "[oss-security] 20161106 Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/06/1"
          },
          {
            "name": "RHSA-2019:1170",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1170"
          },
          {
            "name": "RHSA-2019:1190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1190"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-14T22:06:08",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
        },
        {
          "name": "94149",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94149"
        },
        {
          "name": "RHSA-2018:1062",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/"
        },
        {
          "name": "RHSA-2018:0676",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0676"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391490"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac"
        },
        {
          "name": "[oss-security] 20161106 Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/06/1"
        },
        {
          "name": "RHSA-2019:1170",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1170"
        },
        {
          "name": "RHSA-2019:1190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1190"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8633",
    "datePublished": "2016-11-28T03:01:00",
    "dateReserved": "2016-10-12T00:00:00",
    "dateUpdated": "2024-08-06T02:27:41.221Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9313 (GCVE-0-2016-9313)

Vulnerability from cvelistv5

Published

2016-11-28 03:01

Modified

2024-08-06 02:50

Severity ?

CWE

n/a

Summary

security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2016/07/22/1	mailing-list, x_refsource_MLIST
	https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94546	vdb-entry, x_refsource_BID
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:37.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20160722 panic at big_key_preparse #4.7-r6/rc7 \u0026 master",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/07/22/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
          },
          {
            "name": "94546",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94546"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-29T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20160722 panic at big_key_preparse #4.7-r6/rc7 \u0026 master",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/07/22/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
        },
        {
          "name": "94546",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94546"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9313",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20160722 panic at big_key_preparse #4.7-r6/rc7 \u0026 master",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/07/22/1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7"
            },
            {
              "name": "94546",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94546"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9313",
    "datePublished": "2016-11-28T03:01:00",
    "dateReserved": "2016-11-14T00:00:00",
    "dateUpdated": "2024-08-06T02:50:37.612Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9178 (GCVE-0-2016-9178)

Vulnerability from cvelistv5

Published

2016-11-28 03:01

Modified

2024-08-06 02:42

Severity ?

CWE

n/a

Summary

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call.

References

URL

Tags

	https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/11/04/4	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1391908	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94144	vdb-entry, x_refsource_BID
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:42:10.983Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af"
          },
          {
            "name": "[oss-security] 20161104 Re: kernel: fix minor infoleak in get_user_ex()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/04/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908"
          },
          {
            "name": "94144",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94144"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T10:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af"
        },
        {
          "name": "[oss-security] 20161104 Re: kernel: fix minor infoleak in get_user_ex()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/04/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908"
        },
        {
          "name": "94144",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94144"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/1c109fabbd51863475cd12ac206bdd249aee35af"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1c109fabbd51863475cd12ac206bdd249aee35af"
            },
            {
              "name": "[oss-security] 20161104 Re: kernel: fix minor infoleak in get_user_ex()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/04/4"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1391908"
            },
            {
              "name": "94144",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94144"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9178",
    "datePublished": "2016-11-28T03:01:00",
    "dateReserved": "2016-11-04T00:00:00",
    "dateUpdated": "2024-08-06T02:42:10.983Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9555 (GCVE-0-2016-9555)

Vulnerability from cvelistv5

Published

2016-11-28 03:01

Modified

2024-08-06 02:50

Severity ?

CWE

n/a

Summary

The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html	vendor-advisory, x_refsource_SUSE
	https://bto.bluecoat.com/security-advisory/sa134	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1037339	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6	x_refsource_CONFIRM
	https://groups.google.com/forum/#%21topic/syzkaller/pAUcHsUJbjk	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2017-0086.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0113.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0091.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/94479	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/11/22/18	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1397930	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2017-0307.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:50:38.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa134"
          },
          {
            "name": "SUSE-SU-2016:3206",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html"
          },
          {
            "name": "SUSE-SU-2016:3169",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html"
          },
          {
            "name": "1037339",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037339"
          },
          {
            "name": "SUSE-SU-2016:3117",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html"
          },
          {
            "name": "SUSE-SU-2016:3197",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/syzkaller/pAUcHsUJbjk"
          },
          {
            "name": "RHSA-2017:0086",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
          },
          {
            "name": "RHSA-2017:0113",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
          },
          {
            "name": "RHSA-2017:0091",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
          },
          {
            "name": "94479",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94479"
          },
          {
            "name": "SUSE-SU-2016:3247",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html"
          },
          {
            "name": "[oss-security] 20161122 CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/22/18"
          },
          {
            "name": "SUSE-SU-2016:3183",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397930"
          },
          {
            "name": "SUSE-SU-2016:3116",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html"
          },
          {
            "name": "SUSE-SU-2016:3113",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html"
          },
          {
            "name": "RHSA-2017:0307",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html"
          },
          {
            "name": "SUSE-SU-2016:3205",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa134"
        },
        {
          "name": "SUSE-SU-2016:3206",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html"
        },
        {
          "name": "SUSE-SU-2016:3169",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html"
        },
        {
          "name": "1037339",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037339"
        },
        {
          "name": "SUSE-SU-2016:3117",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html"
        },
        {
          "name": "SUSE-SU-2016:3197",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/syzkaller/pAUcHsUJbjk"
        },
        {
          "name": "RHSA-2017:0086",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
        },
        {
          "name": "RHSA-2017:0113",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
        },
        {
          "name": "RHSA-2017:0091",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
        },
        {
          "name": "94479",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94479"
        },
        {
          "name": "SUSE-SU-2016:3247",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html"
        },
        {
          "name": "[oss-security] 20161122 CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/22/18"
        },
        {
          "name": "SUSE-SU-2016:3183",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397930"
        },
        {
          "name": "SUSE-SU-2016:3116",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html"
        },
        {
          "name": "SUSE-SU-2016:3113",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html"
        },
        {
          "name": "RHSA-2017:0307",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html"
        },
        {
          "name": "SUSE-SU-2016:3205",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9555",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:3096",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa134",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa134"
            },
            {
              "name": "SUSE-SU-2016:3206",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html"
            },
            {
              "name": "SUSE-SU-2016:3169",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html"
            },
            {
              "name": "1037339",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037339"
            },
            {
              "name": "SUSE-SU-2016:3117",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html"
            },
            {
              "name": "SUSE-SU-2016:3197",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.8"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bf911e985d6bbaa328c20c3e05f4eb03de11fdd6"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/syzkaller/pAUcHsUJbjk"
            },
            {
              "name": "RHSA-2017:0086",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0086.html"
            },
            {
              "name": "RHSA-2017:0113",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0113.html"
            },
            {
              "name": "RHSA-2017:0091",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0091.html"
            },
            {
              "name": "94479",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94479"
            },
            {
              "name": "SUSE-SU-2016:3247",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html"
            },
            {
              "name": "[oss-security] 20161122 CVE Request: Linux: net/sctp: slab-out-of-bounds in sctp_sf_ootb",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/22/18"
            },
            {
              "name": "SUSE-SU-2016:3183",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1397930",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1397930"
            },
            {
              "name": "SUSE-SU-2016:3116",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html"
            },
            {
              "name": "SUSE-SU-2016:3113",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html"
            },
            {
              "name": "RHSA-2017:0307",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html"
            },
            {
              "name": "SUSE-SU-2016:3205",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9555",
    "datePublished": "2016-11-28T03:01:00",
    "dateReserved": "2016-11-22T00:00:00",
    "dateUpdated": "2024-08-06T02:50:38.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7425 (GCVE-0-2016-7425)

Vulnerability from cvelistv5

Published

2016-10-16 21:00

Modified

2024-08-06 01:57

Severity ?

CWE

n/a

Summary

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-3146-2	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1377330	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3144-2	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3146-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3145-1	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2016/09/17/2	mailing-list, x_refsource_MLIST
	http://marc.info/?l=linux-scsi&m=147394796228991&w=2	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-3144-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3147-1	vendor-advisory, x_refsource_UBUNTU
	http://marc.info/?l=linux-scsi&m=147394713328707&w=2	mailing-list, x_refsource_MLIST
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167	x_refsource_CONFIRM
	https://security-tracker.debian.org/tracker/CVE-2016-7425	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3145-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/93037	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:57:47.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3146-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377330"
          },
          {
            "name": "USN-3144-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3144-2"
          },
          {
            "name": "USN-3146-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-1"
          },
          {
            "name": "USN-3145-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3145-1"
          },
          {
            "name": "[oss-security] 20160916 Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/09/17/2"
          },
          {
            "name": "[linux-kernel] 20160915 Re: [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-scsi\u0026m=147394796228991\u0026w=2"
          },
          {
            "name": "USN-3144-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3144-1"
          },
          {
            "name": "USN-3147-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3147-1"
          },
          {
            "name": "[linux-kernel] 20160915 [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-scsi\u0026m=147394713328707\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-7425"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167"
          },
          {
            "name": "USN-3145-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3145-2"
          },
          {
            "name": "93037",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93037"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3146-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377330"
        },
        {
          "name": "USN-3144-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3144-2"
        },
        {
          "name": "USN-3146-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-1"
        },
        {
          "name": "USN-3145-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3145-1"
        },
        {
          "name": "[oss-security] 20160916 Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/09/17/2"
        },
        {
          "name": "[linux-kernel] 20160915 Re: [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-scsi\u0026m=147394796228991\u0026w=2"
        },
        {
          "name": "USN-3144-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3144-1"
        },
        {
          "name": "USN-3147-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3147-1"
        },
        {
          "name": "[linux-kernel] 20160915 [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-scsi\u0026m=147394713328707\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-tracker.debian.org/tracker/CVE-2016-7425"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167"
        },
        {
          "name": "USN-3145-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3145-2"
        },
        {
          "name": "93037",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93037"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7425",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3146-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3146-2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1377330",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377330"
            },
            {
              "name": "USN-3144-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3144-2"
            },
            {
              "name": "USN-3146-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3146-1"
            },
            {
              "name": "USN-3145-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3145-1"
            },
            {
              "name": "[oss-security] 20160916 Re: linux kernel SCSI arcmsr driver: buffer overflow in arcmsr_iop_message_xfer()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/09/17/2"
            },
            {
              "name": "[linux-kernel] 20160915 Re: [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-scsi\u0026m=147394796228991\u0026w=2"
            },
            {
              "name": "USN-3144-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3144-1"
            },
            {
              "name": "USN-3147-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3147-1"
            },
            {
              "name": "[linux-kernel] 20160915 [patch v2] arcmsr: buffer overflow in arcmsr_iop_message_xfer()",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-scsi\u0026m=147394713328707\u0026w=2"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7bc2b55a5c030685b399bb65b6baa9ccc3d1f167"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-7425",
              "refsource": "CONFIRM",
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-7425"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167"
            },
            {
              "name": "USN-3145-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3145-2"
            },
            {
              "name": "93037",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93037"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7425",
    "datePublished": "2016-10-16T21:00:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T01:57:47.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8964 (GCVE-0-2015-8964)

Vulnerability from cvelistv5

Published

2016-11-16 04:49

Modified

2024-08-06 08:36

Severity ?

CWE

n/a

Summary

The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.

References

URL

Tags

	http://source.android.com/security/bulletin/2016-11-01.html	x_refsource_CONFIRM
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94138	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:36:30.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc"
          },
          {
            "name": "94138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94138"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-11-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc"
        },
        {
          "name": "94138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94138"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2015-8964",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-11-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-11-01.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/dd42bf1197144ede075a9d4793123f7689e164bc"
            },
            {
              "name": "94138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94138"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2015-8964",
    "datePublished": "2016-11-16T04:49:00",
    "dateReserved": "2016-10-03T00:00:00",
    "dateUpdated": "2024-08-06T08:36:30.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7042 (GCVE-0-2016-7042)

Vulnerability from cvelistv5

Published

2016-10-16 21:00

Modified

2024-08-06 01:50

Severity ?

CWE

n/a

Summary

The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.

References

URL

Tags

	https://source.android.com/security/bulletin/2017-01-01.html	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1373966	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/10/13/5	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2017:2669	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2017-0817.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:2077	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2017:1842	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/93544	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:50:47.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-01-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966"
          },
          {
            "name": "[oss-security] 20161013 kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/10/13/5"
          },
          {
            "name": "RHSA-2017:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2669"
          },
          {
            "name": "RHSA-2017:0817",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
          },
          {
            "name": "RHSA-2017:2077",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2077"
          },
          {
            "name": "RHSA-2017:1842",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1842"
          },
          {
            "name": "93544",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93544"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2017-01-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966"
        },
        {
          "name": "[oss-security] 20161013 kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/10/13/5"
        },
        {
          "name": "RHSA-2017:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2669"
        },
        {
          "name": "RHSA-2017:0817",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
        },
        {
          "name": "RHSA-2017:2077",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2077"
        },
        {
          "name": "RHSA-2017:1842",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1842"
        },
        {
          "name": "93544",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93544"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-7042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2017-01-01.html",
              "refsource": "CONFIRM",
              "url": "https://source.android.com/security/bulletin/2017-01-01.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966"
            },
            {
              "name": "[oss-security] 20161013 kernel: Stack corruption while reading /proc/keys (CVE-2016-7042)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/10/13/5"
            },
            {
              "name": "RHSA-2017:2669",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2669"
            },
            {
              "name": "RHSA-2017:0817",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"
            },
            {
              "name": "RHSA-2017:2077",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2077"
            },
            {
              "name": "RHSA-2017:1842",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1842"
            },
            {
              "name": "93544",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93544"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-7042",
    "datePublished": "2016-10-16T21:00:00",
    "dateReserved": "2016-08-23T00:00:00",
    "dateUpdated": "2024-08-06T01:50:47.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-7916 (GCVE-0-2016-7916)

Vulnerability from cvelistv5

Published

2016-11-16 04:49

Modified

2024-08-06 02:13

Severity ?

CWE

n/a

Summary

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.

References

URL

Tags

	http://source.android.com/security/bulletin/2016-11-01.html	x_refsource_CONFIRM
	https://bugzilla.kernel.org/show_bug.cgi?id=116461	x_refsource_CONFIRM
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3159-1	vendor-advisory, x_refsource_UBUNTU
	https://forums.grsecurity.net/viewtopic.php?f=3&t=4363	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3159-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/94138	vdb-entry, x_refsource_BID
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:13:20.801Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-11-01.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=116461"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
          },
          {
            "name": "USN-3159-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3159-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4363"
          },
          {
            "name": "USN-3159-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3159-2"
          },
          {
            "name": "94138",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-12T22:57:01",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-11-01.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=116461"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
        },
        {
          "name": "USN-3159-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3159-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4363"
        },
        {
          "name": "USN-3159-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3159-2"
        },
        {
          "name": "94138",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2016-7916",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-11-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-11-01.html"
            },
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=116461",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=116461"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"
            },
            {
              "name": "USN-3159-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3159-1"
            },
            {
              "name": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4363",
              "refsource": "CONFIRM",
              "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4363"
            },
            {
              "name": "USN-3159-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3159-2"
            },
            {
              "name": "94138",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94138"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2016-7916",
    "datePublished": "2016-11-16T04:49:00",
    "dateReserved": "2016-09-09T00:00:00",
    "dateUpdated": "2024-08-06T02:13:20.801Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-9644 (GCVE-0-2016-9644)

Vulnerability from cvelistv5

Published

2016-11-28 03:01

Modified

2024-08-06 02:59

Severity ?

CWE

n/a

Summary

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-3146-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/94545	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-3146-1	vendor-advisory, x_refsource_UBUNTU
	http://www.openwall.com/lists/oss-security/2016/11/07/4	mailing-list, x_refsource_MLIST
	https://lwn.net/Articles/705220/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:59:03.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3146-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-2"
          },
          {
            "name": "94545",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94545"
          },
          {
            "name": "USN-3146-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3146-1"
          },
          {
            "name": "[oss-security] 20161107 Re: Re: kernel: fix minor infoleak in get_user_ex()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/07/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://lwn.net/Articles/705220/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application.  NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-04T21:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-3146-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-2"
        },
        {
          "name": "94545",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94545"
        },
        {
          "name": "USN-3146-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3146-1"
        },
        {
          "name": "[oss-security] 20161107 Re: Re: kernel: fix minor infoleak in get_user_ex()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/07/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://lwn.net/Articles/705220/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-9644",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application.  NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3146-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3146-2"
            },
            {
              "name": "94545",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94545"
            },
            {
              "name": "USN-3146-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3146-1"
            },
            {
              "name": "[oss-security] 20161107 Re: Re: kernel: fix minor infoleak in get_user_ex()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/07/4"
            },
            {
              "name": "https://lwn.net/Articles/705220/",
              "refsource": "CONFIRM",
              "url": "https://lwn.net/Articles/705220/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-9644",
    "datePublished": "2016-11-28T03:01:00",
    "dateReserved": "2016-11-27T00:00:00",
    "dateUpdated": "2024-08-06T02:59:03.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2016-AVI-426

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature

Action not permitted

CERTFR-2016-AVI-426

Vulnerability from certfr_avis

Solution

CVE-2016-8645 (GCVE-0-2016-8645)

Vulnerability from cvelistv5

CVE-2016-7097 (GCVE-0-2016-7097)

Vulnerability from cvelistv5

CVE-2016-8630 (GCVE-0-2016-8630)

Vulnerability from cvelistv5

CVE-2016-6213 (GCVE-0-2016-6213)

Vulnerability from cvelistv5

CVE-2016-4568 (GCVE-0-2016-4568)

Vulnerability from cvelistv5

CVE-2016-8658 (GCVE-0-2016-8658)

Vulnerability from cvelistv5

CVE-2016-8633 (GCVE-0-2016-8633)

Vulnerability from cvelistv5

CVE-2016-9313 (GCVE-0-2016-9313)

Vulnerability from cvelistv5

CVE-2016-9178 (GCVE-0-2016-9178)

Vulnerability from cvelistv5

CVE-2016-9555 (GCVE-0-2016-9555)

Vulnerability from cvelistv5

CVE-2016-7425 (GCVE-0-2016-7425)

Vulnerability from cvelistv5

CVE-2015-8964 (GCVE-0-2015-8964)

Vulnerability from cvelistv5

CVE-2016-7042 (GCVE-0-2016-7042)

Vulnerability from cvelistv5

CVE-2016-7916 (GCVE-0-2016-7916)

Vulnerability from cvelistv5

CVE-2016-9644 (GCVE-0-2016-9644)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature