cnvd - cnvd-2016-04595

cnvd-2016-04595

Vulnerability from cnvd

Title

Linux kernel Linux-4.6/drivers/platform/chrome/cros_ec_dev.c缓冲区溢出漏洞

Description

Linux Kernel是Linux操作系统的内核。 Linux kernel 4.6及更早版本，Linux-4.6/drivers/platform/chrome/cros_ec_dev.c实现中存在缓冲区溢出漏洞。远程用户利用构造的用户空间数据，可造成缓冲区溢出。

Severity

中

Formal description

目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.kernel.org/

Reference

http://www.kernel.org/

Impacted products

Name
Linux Kernel <=4.6

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6156"
    }
  },
  "description": "Linux Kernel\u662fLinux\u64cd\u4f5c\u7cfb\u7edf\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 4.6\u53ca\u66f4\u65e9\u7248\u672c\uff0cLinux-4.6/drivers/platform/chrome/cros_ec_dev.c\u5b9e\u73b0\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u7528\u6237\u5229\u7528\u6784\u9020\u7684\u7528\u6237\u7a7a\u95f4\u6570\u636e\uff0c\u53ef\u9020\u6210\u7f13\u51b2\u533a\u6ea2\u51fa\u3002",
  "discovererName": "Pengfei Wang",
  "formalWay": "\u76ee\u524d\u5382\u5546\u8fd8\u6ca1\u6709\u63d0\u4f9b\u8865\u4e01\u6216\u8005\u5347\u7ea7\u7a0b\u5e8f\uff0c\u6211\u4eec\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u7684\u4e3b\u9875\u4ee5\u83b7\u53d6\u6700\u65b0\u7248\u672c\uff1a\r\nhttp://www.kernel.org/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-04595",
  "openTime": "2016-07-07",
  "products": {
    "product": "Linux Kernel \u003c=4.6"
  },
  "referenceLink": "http://www.kernel.org/",
  "serverity": "\u4e2d",
  "submitTime": "2016-07-06",
  "title": "Linux kernel Linux-4.6/drivers/platform/chrome/cros_ec_dev.c\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2016-6156 (GCVE-0-2016-6156)

Vulnerability from cvelistv5

Published

2016-08-06 20:00

Modified

2024-08-06 01:22

Severity ?

CWE

n/a

Summary

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

References

URL

Tags

	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e	x_refsource_CONFIRM
	https://bugzilla.kernel.org/show_bug.cgi?id=120131	x_refsource_MISC
	https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/91553	vdb-entry, x_refsource_BID
	https://bugzilla.redhat.com/show_bug.cgi?id=1353490	x_refsource_CONFIRM
	http://seclists.org/bugtraq/2016/Jul/20	mailing-list, x_refsource_BUGTRAQ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:22:20.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120131"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e"
          },
          {
            "name": "91553",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91553"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353490"
          },
          {
            "name": "20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2016/Jul/20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a \"double fetch\" vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120131"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e"
        },
        {
          "name": "91553",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91553"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353490"
        },
        {
          "name": "20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2016/Jul/20"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-6156",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a \"double fetch\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e"
            },
            {
              "name": "https://bugzilla.kernel.org/show_bug.cgi?id=120131",
              "refsource": "MISC",
              "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120131"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e"
            },
            {
              "name": "91553",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91553"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353490",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353490"
            },
            {
              "name": "20160704 [CVE-2016-6156] Double-Fetch Vulnerability in Linux-4.6/drivers/platform/chrome/cros_ec_dev.c",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2016/Jul/20"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-6156",
    "datePublished": "2016-08-06T20:00:00",
    "dateReserved": "2016-07-01T00:00:00",
    "dateUpdated": "2024-08-06T01:22:20.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.