csaf_suse - suse-su-2016:2002-1

suse-su-2016:2002-1

Vulnerability from csaf_suse

Published

2016-08-09 11:57

Modified

2016-08-09 11:57

Summary

Security update for Linux Kernel Live Patch 10 for SLE 12

Notes

Title of the patch

Security update for Linux Kernel Live Patch 10 for SLE 12

Description of the patch

This update for the Linux Kernel 3.12.51-52_34 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).

Patchnames

SUSE-SLE-SAP-12-2016-1190,SUSE-SLE-SERVER-12-2016-1190

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 10 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\n\nThe following security bugs were fixed:\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-2016-1190,SUSE-SLE-SERVER-12-2016-1190",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2002-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2016:2002-1",
        "url": "https://www.suse.com/support/update/announcement/2016/suse-su-20162002-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2016:2002-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002189.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 955837",
        "url": "https://bugzilla.suse.com/955837"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 971793",
        "url": "https://bugzilla.suse.com/971793"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 973570",
        "url": "https://bugzilla.suse.com/973570"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 979064",
        "url": "https://bugzilla.suse.com/979064"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 979074",
        "url": "https://bugzilla.suse.com/979074"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980856",
        "url": "https://bugzilla.suse.com/980856"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 980883",
        "url": "https://bugzilla.suse.com/980883"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 983144",
        "url": "https://bugzilla.suse.com/983144"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 984764",
        "url": "https://bugzilla.suse.com/984764"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-7446 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-7446/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8816 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8816/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-0758 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-0758/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-1583 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-1583/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-2053 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-2053/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-3134 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-3134/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-4470 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-4470/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-4565 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-4565/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 10 for SLE 12",
    "tracking": {
      "current_release_date": "2016-08-09T11:57:22Z",
      "generator": {
        "date": "2016-08-09T11:57:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2016:2002-1",
      "initial_release_date": "2016-08-09T11:57:22Z",
      "revision_history": [
        {
          "date": "2016-08-09T11:57:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
                  "product_id": "kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
                  "product_id": "kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2013-7446",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-7446"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-7446",
          "url": "https://www.suse.com/security/cve/CVE-2013-7446"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2013-7446",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 955654 for CVE-2013-7446",
          "url": "https://bugzilla.suse.com/955654"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 955837 for CVE-2013-7446",
          "url": "https://bugzilla.suse.com/955837"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-7446"
    },
    {
      "cve": "CVE-2015-8816",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8816"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8816",
          "url": "https://www.suse.com/security/cve/CVE-2015-8816"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2015-8816",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 968010 for CVE-2015-8816",
          "url": "https://bugzilla.suse.com/968010"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979064 for CVE-2015-8816",
          "url": "https://bugzilla.suse.com/979064"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-8816"
    },
    {
      "cve": "CVE-2016-0758",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-0758"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-0758",
          "url": "https://www.suse.com/security/cve/CVE-2016-0758"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-0758",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072204 for CVE-2016-0758",
          "url": "https://bugzilla.suse.com/1072204"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2016-0758",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979867 for CVE-2016-0758",
          "url": "https://bugzilla.suse.com/979867"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980856 for CVE-2016-0758",
          "url": "https://bugzilla.suse.com/980856"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-0758"
    },
    {
      "cve": "CVE-2016-1583",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-1583"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-1583",
          "url": "https://www.suse.com/security/cve/CVE-2016-1583"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-1583",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1052256 for CVE-2016-1583",
          "url": "https://bugzilla.suse.com/1052256"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 983143 for CVE-2016-1583",
          "url": "https://bugzilla.suse.com/983143"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 983144 for CVE-2016-1583",
          "url": "https://bugzilla.suse.com/983144"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2016-1583"
    },
    {
      "cve": "CVE-2016-2053",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-2053"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-2053",
          "url": "https://www.suse.com/security/cve/CVE-2016-2053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-2053",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 963762 for CVE-2016-2053",
          "url": "https://bugzilla.suse.com/963762"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979074 for CVE-2016-2053",
          "url": "https://bugzilla.suse.com/979074"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-2053"
    },
    {
      "cve": "CVE-2016-3134",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-3134"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-3134",
          "url": "https://www.suse.com/security/cve/CVE-2016-3134"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1052256 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/1052256"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971126 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/971126"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 971793 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/971793"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986362 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/986362"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986365 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/986365"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 986377 for CVE-2016-3134",
          "url": "https://bugzilla.suse.com/986377"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-3134"
    },
    {
      "cve": "CVE-2016-4470",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-4470"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-4470",
          "url": "https://www.suse.com/security/cve/CVE-2016-4470"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-4470",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 984755 for CVE-2016-4470",
          "url": "https://bugzilla.suse.com/984755"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 984764 for CVE-2016-4470",
          "url": "https://bugzilla.suse.com/984764"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 991651 for CVE-2016-4470",
          "url": "https://bugzilla.suse.com/991651"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-4470"
    },
    {
      "cve": "CVE-2016-4565",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-4565"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-4565",
          "url": "https://www.suse.com/security/cve/CVE-2016-4565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1020452 for CVE-2016-4565",
          "url": "https://bugzilla.suse.com/1020452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 979548 for CVE-2016-4565",
          "url": "https://bugzilla.suse.com/979548"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980363 for CVE-2016-4565",
          "url": "https://bugzilla.suse.com/980363"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 980883 for CVE-2016-4565",
          "url": "https://bugzilla.suse.com/980883"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-default-5-2.2.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_51-52_34-xen-5-2.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2016-08-09T11:57:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-4565"
    }
  ]
}

CVE-2016-4470 (GCVE-0-2016-4470)

Vulnerability from cvelistv5

Published

2016-06-27 10:00

Modified

2024-08-06 00:32

Severity ?

CWE

Summary

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

References

URL

Tags

	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3054-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3051-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-2128.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2133.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3053-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3055-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3056-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3052-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3049-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-1541.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-1539.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	http://rhn.redhat.com/errata/RHSA-2016-1532.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2006.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/06/15/11	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1341716	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3050-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2076.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3057-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2074.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:32:25.328Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:2011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
          },
          {
            "name": "USN-3054-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3054-1"
          },
          {
            "name": "SUSE-SU-2016:2003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
          },
          {
            "name": "RHSA-2016:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "USN-3051-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3051-1"
          },
          {
            "name": "RHSA-2016:2128",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "RHSA-2016:2133",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1985",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
          },
          {
            "name": "USN-3053-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3053-1"
          },
          {
            "name": "openSUSE-SU-2016:2184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
          },
          {
            "name": "SUSE-SU-2016:1998",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
          },
          {
            "name": "USN-3055-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3055-1"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "name": "USN-3056-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3056-1"
          },
          {
            "name": "USN-3052-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3052-1"
          },
          {
            "name": "USN-3049-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3049-1"
          },
          {
            "name": "RHSA-2016:1541",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "SUSE-SU-2016:2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "RHSA-2016:1539",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
          },
          {
            "name": "1036763",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036763"
          },
          {
            "name": "RHSA-2016:1532",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
          },
          {
            "name": "RHSA-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
          },
          {
            "name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
          },
          {
            "name": "USN-3050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3050-1"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "SUSE-SU-2016:1999",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
          },
          {
            "name": "SUSE-SU-2016:2000",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
          },
          {
            "name": "RHSA-2016:2076",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
          },
          {
            "name": "USN-3057-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3057-1"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "RHSA-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
          },
          {
            "name": "SUSE-SU-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:2011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
        },
        {
          "name": "USN-3054-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3054-1"
        },
        {
          "name": "SUSE-SU-2016:2003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
        },
        {
          "name": "RHSA-2016:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "USN-3051-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3051-1"
        },
        {
          "name": "RHSA-2016:2128",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "RHSA-2016:2133",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1985",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
        },
        {
          "name": "USN-3053-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3053-1"
        },
        {
          "name": "openSUSE-SU-2016:2184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
        },
        {
          "name": "SUSE-SU-2016:1998",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"
        },
        {
          "name": "USN-3055-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3055-1"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "name": "USN-3056-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3056-1"
        },
        {
          "name": "USN-3052-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3052-1"
        },
        {
          "name": "USN-3049-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3049-1"
        },
        {
          "name": "RHSA-2016:1541",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "SUSE-SU-2016:2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "RHSA-2016:1539",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"
        },
        {
          "name": "1036763",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036763"
        },
        {
          "name": "RHSA-2016:1532",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"
        },
        {
          "name": "RHSA-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"
        },
        {
          "name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"
        },
        {
          "name": "USN-3050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3050-1"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "SUSE-SU-2016:1999",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"
        },
        {
          "name": "SUSE-SU-2016:2000",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
        },
        {
          "name": "RHSA-2016:2076",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"
        },
        {
          "name": "USN-3057-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3057-1"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "RHSA-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"
        },
        {
          "name": "SUSE-SU-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-4470",
    "datePublished": "2016-06-27T10:00:00",
    "dateReserved": "2016-05-02T00:00:00",
    "dateUpdated": "2024-08-06T00:32:25.328Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-4565 (GCVE-0-2016-4565)

Vulnerability from cvelistv5

Published

2016-05-23 10:00

Modified

2024-08-06 00:32

Severity ?

CWE

Summary

The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3006-1	vendor-advisory, x_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3004-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3001-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1640.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-1657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/90301	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2016:1406	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1341	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3005-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2016:1301	vendor-advisory, x_refsource_REDHAT
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1814.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3018-2	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3021-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1489.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3019-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-3002-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1310570	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3021-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3018-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-1617.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3007-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3003-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1581.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1277	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2016/05/07/1	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:32:25.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "USN-3006-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3006-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
          },
          {
            "name": "USN-3004-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3004-1"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:2011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
          },
          {
            "name": "USN-3001-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3001-1"
          },
          {
            "name": "SUSE-SU-2016:2003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
          },
          {
            "name": "RHSA-2016:1640",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1640.html"
          },
          {
            "name": "RHSA-2016:1657",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "name": "90301",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90301"
          },
          {
            "name": "RHSA-2016:1406",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1406"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "RHSA-2016:1341",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1341"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "USN-3005-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3005-1"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1985",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
          },
          {
            "name": "RHSA-2016:1301",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1301"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3"
          },
          {
            "name": "RHSA-2016:1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1814.html"
          },
          {
            "name": "openSUSE-SU-2016:2184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3"
          },
          {
            "name": "USN-3018-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3018-2"
          },
          {
            "name": "USN-3021-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3021-2"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "RHSA-2016:1489",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1489.html"
          },
          {
            "name": "USN-3019-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3019-1"
          },
          {
            "name": "openSUSE-SU-2016:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "USN-3002-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3002-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "USN-3021-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3021-1"
          },
          {
            "name": "USN-3018-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3018-1"
          },
          {
            "name": "RHSA-2016:1617",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1617.html"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "USN-3007-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3007-1"
          },
          {
            "name": "SUSE-SU-2016:2000",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
          },
          {
            "name": "USN-3003-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3003-1"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "name": "RHSA-2016:1581",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1581.html"
          },
          {
            "name": "RHSA-2016:1277",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2016:1277"
          },
          {
            "name": "[oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface\u0027",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/05/07/1"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "USN-3006-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3006-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
        },
        {
          "name": "USN-3004-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3004-1"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:2011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
        },
        {
          "name": "USN-3001-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3001-1"
        },
        {
          "name": "SUSE-SU-2016:2003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
        },
        {
          "name": "RHSA-2016:1640",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1640.html"
        },
        {
          "name": "RHSA-2016:1657",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "name": "90301",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90301"
        },
        {
          "name": "RHSA-2016:1406",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1406"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "RHSA-2016:1341",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1341"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "USN-3005-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3005-1"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1985",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
        },
        {
          "name": "RHSA-2016:1301",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1301"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3"
        },
        {
          "name": "RHSA-2016:1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1814.html"
        },
        {
          "name": "openSUSE-SU-2016:2184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3"
        },
        {
          "name": "USN-3018-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3018-2"
        },
        {
          "name": "USN-3021-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3021-2"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "RHSA-2016:1489",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1489.html"
        },
        {
          "name": "USN-3019-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3019-1"
        },
        {
          "name": "openSUSE-SU-2016:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "USN-3002-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3002-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "USN-3021-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3021-1"
        },
        {
          "name": "USN-3018-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3018-1"
        },
        {
          "name": "RHSA-2016:1617",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1617.html"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "USN-3007-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3007-1"
        },
        {
          "name": "SUSE-SU-2016:2000",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
        },
        {
          "name": "USN-3003-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3003-1"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "name": "RHSA-2016:1581",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1581.html"
        },
        {
          "name": "RHSA-2016:1277",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2016:1277"
        },
        {
          "name": "[oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface\u0027",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/05/07/1"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2016-4565",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "USN-3006-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3006-1"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "name": "USN-3004-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3004-1"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:2011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
            },
            {
              "name": "USN-3001-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3001-1"
            },
            {
              "name": "SUSE-SU-2016:2003",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
            },
            {
              "name": "RHSA-2016:1640",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1640.html"
            },
            {
              "name": "RHSA-2016:1657",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "name": "90301",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/90301"
            },
            {
              "name": "RHSA-2016:1406",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1406"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "RHSA-2016:1341",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1341"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "USN-3005-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3005-1"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "RHSA-2016:1301",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1301"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3"
            },
            {
              "name": "RHSA-2016:1814",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1814.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3"
            },
            {
              "name": "USN-3018-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3018-2"
            },
            {
              "name": "USN-3021-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3021-2"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "RHSA-2016:1489",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1489.html"
            },
            {
              "name": "USN-3019-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3019-1"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "USN-3002-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3002-1"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1310570"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "name": "USN-3021-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3021-1"
            },
            {
              "name": "USN-3018-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3018-1"
            },
            {
              "name": "RHSA-2016:1617",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1617.html"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "USN-3007-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3007-1"
            },
            {
              "name": "SUSE-SU-2016:2000",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
            },
            {
              "name": "USN-3003-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3003-1"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "name": "RHSA-2016:1581",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1581.html"
            },
            {
              "name": "RHSA-2016:1277",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2016:1277"
            },
            {
              "name": "[oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface\u0027",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/05/07/1"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2016-4565",
    "datePublished": "2016-05-23T10:00:00",
    "dateReserved": "2016-05-07T00:00:00",
    "dateUpdated": "2024-08-06T00:32:25.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-2053 (GCVE-0-2016-2053)

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:17

Severity ?

CWE

Summary

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1300237	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/01/25/4	mailing-list, x_refsource_MLIST
	https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2584.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2574.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:2011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
          },
          {
            "name": "SUSE-SU-2016:2003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300237"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1985",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
          },
          {
            "name": "openSUSE-SU-2016:2184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "name": "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/01/25/4"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
          },
          {
            "name": "RHSA-2016:2584",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "RHSA-2016:2574",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
          },
          {
            "name": "openSUSE-SU-2016:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
          },
          {
            "name": "1036763",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036763"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "SUSE-SU-2016:2000",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:2011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
        },
        {
          "name": "SUSE-SU-2016:2003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300237"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1985",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
        },
        {
          "name": "openSUSE-SU-2016:2184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "name": "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/01/25/4"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
        },
        {
          "name": "RHSA-2016:2584",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "RHSA-2016:2574",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
        },
        {
          "name": "openSUSE-SU-2016:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
        },
        {
          "name": "1036763",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036763"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "SUSE-SU-2016:2000",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-2053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:2011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
            },
            {
              "name": "SUSE-SU-2016:2003",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1300237",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300237"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/01/25/4"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
            },
            {
              "name": "RHSA-2016:2584",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "RHSA-2016:2574",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "1036763",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:2000",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-2053",
    "datePublished": "2016-05-02T10:00:00",
    "dateReserved": "2016-01-25T00:00:00",
    "dateUpdated": "2024-08-05T23:17:50.397Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-0758 (GCVE-0-2016-0758)

Vulnerability from cvelistv5

Published

2016-06-27 10:00

Modified

2024-08-05 22:30

Severity ?

CWE

Summary

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-2979-4	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1055.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://source.android.com/security/bulletin/2016-10-01.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/05/12/9	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1033.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1300257	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1051.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/90626	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:04.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-2979-4",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2979-4"
          },
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:2011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
          },
          {
            "name": "SUSE-SU-2016:2003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "name": "RHSA-2016:1055",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1055.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1985",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
          },
          {
            "name": "openSUSE-SU-2016:2184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-10-01.html"
          },
          {
            "name": "[oss-security] 20160513 CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/05/12/9"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "RHSA-2016:1033",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1033.html"
          },
          {
            "name": "openSUSE-SU-2016:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300257"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "RHSA-2016:1051",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1051.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "90626",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/90626"
          },
          {
            "name": "SUSE-SU-2016:2000",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "name": "HPSBHF3548",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T20:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "USN-2979-4",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2979-4"
        },
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:2011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
        },
        {
          "name": "SUSE-SU-2016:2003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "name": "RHSA-2016:1055",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1055.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1985",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
        },
        {
          "name": "openSUSE-SU-2016:2184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-10-01.html"
        },
        {
          "name": "[oss-security] 20160513 CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/05/12/9"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "RHSA-2016:1033",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1033.html"
        },
        {
          "name": "openSUSE-SU-2016:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300257"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "RHSA-2016:1051",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1051.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "90626",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/90626"
        },
        {
          "name": "SUSE-SU-2016:2000",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "name": "HPSBHF3548",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-0758",
    "datePublished": "2016-06-27T10:00:00",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-08-05T22:30:04.558Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8816 (GCVE-0-2015-8816)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-06 08:29

Severity ?

CWE

Summary

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3503	vendor-advisory, x_refsource_DEBIAN
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/83363	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1311589	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://source.android.com/security/bulletin/2016-07-01.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/02/23/5	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:29:22.034Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "DSA-3503",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3503"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "83363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/83363"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589"
          },
          {
            "name": "SUSE-SU-2016:1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:1019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-07-01.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/02/23/5"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "DSA-3503",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3503"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "83363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/83363"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589"
        },
        {
          "name": "SUSE-SU-2016:1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:1019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-07-01.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/02/23/5"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-8816",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "DSA-3503",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3503"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "83363",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/83363"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311589"
            },
            {
              "name": "SUSE-SU-2016:1707",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:1019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html"
            },
            {
              "name": "http://source.android.com/security/bulletin/2016-07-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-07-01.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "name": "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/02/23/5"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-8816",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-02-23T00:00:00",
    "dateUpdated": "2024-08-06T08:29:22.034Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3134 (GCVE-0-2016-3134)

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:47

Severity ?

CWE

Summary

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309	x_refsource_CONFIRM
	https://code.google.com/p/google-security-research/issues/detail?id=758	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2930-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1317383	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2930-2	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1847.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3049-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-1875.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2930-3	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2929-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2932-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3050-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1883.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2931-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2929-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/84305	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:47:57.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:1690",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://code.google.com/p/google-security-research/issues/detail?id=758"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "name": "USN-2930-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-1"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
          },
          {
            "name": "USN-2930-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "SUSE-SU-2016:1985",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
          },
          {
            "name": "RHSA-2016:1847",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "name": "USN-3049-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3049-1"
          },
          {
            "name": "RHSA-2016:1875",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2016:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
          },
          {
            "name": "SUSE-SU-2016:1764",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
          },
          {
            "name": "USN-2930-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2930-3"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "1036763",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036763"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "USN-2929-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2929-1"
          },
          {
            "name": "USN-2932-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2932-1"
          },
          {
            "name": "USN-3050-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3050-1"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
          },
          {
            "name": "SUSE-SU-2016:2000",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
          },
          {
            "name": "RHSA-2016:1883",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "name": "USN-2931-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2931-1"
          },
          {
            "name": "USN-2929-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2929-2"
          },
          {
            "name": "84305",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/84305"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-06T16:15:29",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "microfocus"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:1690",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://code.google.com/p/google-security-research/issues/detail?id=758"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "name": "USN-2930-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-1"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
        },
        {
          "name": "USN-2930-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "SUSE-SU-2016:1985",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
        },
        {
          "name": "RHSA-2016:1847",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "name": "USN-3049-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3049-1"
        },
        {
          "name": "RHSA-2016:1875",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2016:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
        },
        {
          "name": "SUSE-SU-2016:1764",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
        },
        {
          "name": "USN-2930-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2930-3"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "1036763",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036763"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "USN-2929-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2929-1"
        },
        {
          "name": "USN-2932-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2932-1"
        },
        {
          "name": "USN-3050-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3050-1"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
        },
        {
          "name": "SUSE-SU-2016:2000",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
        },
        {
          "name": "RHSA-2016:1883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "name": "USN-2931-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2931-1"
        },
        {
          "name": "USN-2929-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2929-2"
        },
        {
          "name": "84305",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/84305"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@microfocus.com",
          "ID": "CVE-2016-3134",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:1690",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309"
            },
            {
              "name": "https://code.google.com/p/google-security-research/issues/detail?id=758",
              "refsource": "MISC",
              "url": "https://code.google.com/p/google-security-research/issues/detail?id=758"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "USN-2930-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2930-1"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317383"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "name": "USN-2930-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2930-2"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "RHSA-2016:1847",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1847.html"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "USN-3049-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3049-1"
            },
            {
              "name": "RHSA-2016:1875",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1875.html"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "SUSE-SU-2016:1764",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"
            },
            {
              "name": "USN-2930-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2930-3"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "1036763",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "name": "USN-2929-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2929-1"
            },
            {
              "name": "USN-2932-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2932-1"
            },
            {
              "name": "USN-3050-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3050-1"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "name": "SUSE-SU-2016:2000",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
            },
            {
              "name": "RHSA-2016:1883",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1883.html"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "name": "USN-2931-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2931-1"
            },
            {
              "name": "USN-2929-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2929-2"
            },
            {
              "name": "84305",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/84305"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "microfocus",
    "cveId": "CVE-2016-3134",
    "datePublished": "2016-04-27T17:00:00",
    "dateReserved": "2016-03-13T00:00:00",
    "dateUpdated": "2024-08-05T23:47:57.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7446 (GCVE-0-2013-7446)

Vulnerability from cvelistv5

Published

2015-12-28 11:00

Modified

2024-08-06 18:09

Severity ?

CWE

Summary

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

References

URL

Tags

	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034557	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2887-2	vendor-advisory, x_refsource_UBUNTU
	https://forums.grsecurity.net/viewtopic.php?f=3&t=4150	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://www.spinics.net/lists/netdev/msg318826.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2886-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2887-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2890-3	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2889-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2889-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html	vendor-advisory, x_refsource_SUSE
	https://lkml.org/lkml/2015/9/13/195	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/77638	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	https://lkml.org/lkml/2014/5/15/532	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2890-2	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1282688	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2015/dsa-3426	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2015/11/18/16	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://lkml.org/lkml/2013/10/14/424	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2890-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2888-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:16.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SU-2016:0750",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8"
          },
          {
            "name": "1034557",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034557"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "name": "SUSE-SU-2016:2011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
          },
          {
            "name": "SUSE-SU-2016:2003",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
          },
          {
            "name": "SUSE-SU-2016:0751",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html"
          },
          {
            "name": "SUSE-SU-2016:0747",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html"
          },
          {
            "name": "SUSE-SU-2016:0755",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "name": "USN-2887-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2887-2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150"
          },
          {
            "name": "SUSE-SU-2016:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "SUSE-SU-2016:2001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
          },
          {
            "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.spinics.net/lists/netdev/msg318826.html"
          },
          {
            "name": "SUSE-SU-2016:0753",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html"
          },
          {
            "name": "USN-2886-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2886-1"
          },
          {
            "name": "USN-2887-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2887-1"
          },
          {
            "name": "USN-2890-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2890-3"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c"
          },
          {
            "name": "USN-2889-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2889-1"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2016:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
          },
          {
            "name": "USN-2889-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2889-2"
          },
          {
            "name": "SUSE-SU-2016:0746",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html"
          },
          {
            "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2015/9/13/195"
          },
          {
            "name": "SUSE-SU-2016:0749",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html"
          },
          {
            "name": "SUSE-SU-2016:1102",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3"
          },
          {
            "name": "77638",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77638"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2014/5/15/532"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "SUSE-SU-2016:2074",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
          },
          {
            "name": "USN-2890-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2890-2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688"
          },
          {
            "name": "SUSE-SU-2016:2000",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
          },
          {
            "name": "SUSE-SU-2016:0745",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html"
          },
          {
            "name": "DSA-3426",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3426"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "name": "[linux-kernel] 20131014 Re: epoll oops.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lkml.org/lkml/2013/10/14/424"
          },
          {
            "name": "SUSE-SU-2016:0756",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c"
          },
          {
            "name": "USN-2890-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2890-1"
          },
          {
            "name": "SUSE-SU-2016:0754",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html"
          },
          {
            "name": "SUSE-SU-2016:0752",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html"
          },
          {
            "name": "USN-2888-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2888-1"
          },
          {
            "name": "SUSE-SU-2016:0911",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SU-2016:0750",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8"
        },
        {
          "name": "1034557",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034557"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "name": "SUSE-SU-2016:2011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
        },
        {
          "name": "SUSE-SU-2016:2003",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
        },
        {
          "name": "SUSE-SU-2016:0751",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html"
        },
        {
          "name": "SUSE-SU-2016:0747",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html"
        },
        {
          "name": "SUSE-SU-2016:0755",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "name": "USN-2887-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2887-2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150"
        },
        {
          "name": "SUSE-SU-2016:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "SUSE-SU-2016:2001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
        },
        {
          "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.spinics.net/lists/netdev/msg318826.html"
        },
        {
          "name": "SUSE-SU-2016:0753",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html"
        },
        {
          "name": "USN-2886-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2886-1"
        },
        {
          "name": "USN-2887-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2887-1"
        },
        {
          "name": "USN-2890-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2890-3"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c"
        },
        {
          "name": "USN-2889-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2889-1"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2016:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
        },
        {
          "name": "USN-2889-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2889-2"
        },
        {
          "name": "SUSE-SU-2016:0746",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html"
        },
        {
          "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lkml.org/lkml/2015/9/13/195"
        },
        {
          "name": "SUSE-SU-2016:0749",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html"
        },
        {
          "name": "SUSE-SU-2016:1102",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3"
        },
        {
          "name": "77638",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77638"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lkml.org/lkml/2014/5/15/532"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "SUSE-SU-2016:2074",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
        },
        {
          "name": "USN-2890-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2890-2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688"
        },
        {
          "name": "SUSE-SU-2016:2000",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
        },
        {
          "name": "SUSE-SU-2016:0745",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html"
        },
        {
          "name": "DSA-3426",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3426"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "name": "[linux-kernel] 20131014 Re: epoll oops.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lkml.org/lkml/2013/10/14/424"
        },
        {
          "name": "SUSE-SU-2016:0756",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c"
        },
        {
          "name": "USN-2890-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2890-1"
        },
        {
          "name": "SUSE-SU-2016:0754",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html"
        },
        {
          "name": "SUSE-SU-2016:0752",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html"
        },
        {
          "name": "USN-2888-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2888-1"
        },
        {
          "name": "SUSE-SU-2016:0911",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7446",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SU-2016:0750",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8"
            },
            {
              "name": "1034557",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034557"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "SUSE-SU-2016:2011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"
            },
            {
              "name": "SUSE-SU-2016:2003",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"
            },
            {
              "name": "SUSE-SU-2016:0751",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html"
            },
            {
              "name": "SUSE-SU-2016:0747",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html"
            },
            {
              "name": "SUSE-SU-2016:0755",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "name": "USN-2887-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2887-2"
            },
            {
              "name": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150",
              "refsource": "MISC",
              "url": "https://forums.grsecurity.net/viewtopic.php?f=3\u0026t=4150"
            },
            {
              "name": "SUSE-SU-2016:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "SUSE-SU-2016:2001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"
            },
            {
              "name": "[netdev] 20150304 [PATCH net] af_unix: don\u0027t poll dead peers",
              "refsource": "MLIST",
              "url": "http://www.spinics.net/lists/netdev/msg318826.html"
            },
            {
              "name": "SUSE-SU-2016:0753",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html"
            },
            {
              "name": "USN-2886-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2886-1"
            },
            {
              "name": "USN-2887-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2887-1"
            },
            {
              "name": "USN-2890-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2890-3"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c"
            },
            {
              "name": "USN-2889-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2889-1"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "USN-2889-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2889-2"
            },
            {
              "name": "SUSE-SU-2016:0746",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html"
            },
            {
              "name": "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket",
              "refsource": "MLIST",
              "url": "https://lkml.org/lkml/2015/9/13/195"
            },
            {
              "name": "SUSE-SU-2016:0749",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html"
            },
            {
              "name": "SUSE-SU-2016:1102",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3"
            },
            {
              "name": "77638",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77638"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)",
              "refsource": "MLIST",
              "url": "https://lkml.org/lkml/2014/5/15/532"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "SUSE-SU-2016:2074",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
            },
            {
              "name": "USN-2890-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2890-2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1282688"
            },
            {
              "name": "SUSE-SU-2016:2000",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
            },
            {
              "name": "SUSE-SU-2016:0745",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html"
            },
            {
              "name": "DSA-3426",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3426"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/16"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "name": "[linux-kernel] 20131014 Re: epoll oops.",
              "refsource": "MLIST",
              "url": "https://lkml.org/lkml/2013/10/14/424"
            },
            {
              "name": "SUSE-SU-2016:0756",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c"
            },
            {
              "name": "USN-2890-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2890-1"
            },
            {
              "name": "SUSE-SU-2016:0754",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html"
            },
            {
              "name": "SUSE-SU-2016:0752",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html"
            },
            {
              "name": "USN-2888-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2888-1"
            },
            {
              "name": "SUSE-SU-2016:0911",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7446",
    "datePublished": "2015-12-28T11:00:00",
    "dateReserved": "2015-11-18T00:00:00",
    "dateUpdated": "2024-08-06T18:09:16.999Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1583 (GCVE-0-2016-1583)

Vulnerability from cvelistv5

Published

2016-06-27 10:00

Modified

2024-08-05 23:02

Severity ?

CWE

Summary

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

References

URL

Tags

	http://www.ubuntu.com/usn/USN-3006-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3004-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2766.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3001-1	vendor-advisory, x_refsource_UBUNTU
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/39992/	exploit, x_refsource_EXPLOIT-DB
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3005-1	vendor-advisory, x_refsource_UBUNTU
	https://bugs.chromium.org/p/project-zero/issues/detail?id=836	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/91157	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2999-1	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/06/10/8	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3000-1	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b	x_refsource_MISC
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3002-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2017:2760	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3007-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2124.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3003-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/06/22/1	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1344721	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2998-1	vendor-advisory, x_refsource_UBUNTU
	http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html	x_refsource_MISC
	http://www.ubuntu.com/usn/USN-3008-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:02:11.789Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3006-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3006-1"
          },
          {
            "name": "USN-3004-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3004-1"
          },
          {
            "name": "SUSE-SU-2016:2010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
          },
          {
            "name": "RHSA-2016:2766",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
          },
          {
            "name": "USN-3001-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3001-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
          },
          {
            "name": "SUSE-SU-2016:1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
          },
          {
            "name": "SUSE-SU-2016:1994",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
          },
          {
            "name": "39992",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39992/"
          },
          {
            "name": "SUSE-SU-2016:1961",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
          },
          {
            "name": "USN-3005-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3005-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
          },
          {
            "name": "SUSE-SU-2016:1985",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
          },
          {
            "name": "91157",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91157"
          },
          {
            "name": "openSUSE-SU-2016:2184",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
          },
          {
            "name": "USN-2999-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2999-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
          },
          {
            "name": "SUSE-SU-2016:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
          },
          {
            "name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
          },
          {
            "name": "SUSE-SU-2016:2014",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2016:1641",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
          },
          {
            "name": "USN-2997-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2997-1"
          },
          {
            "name": "USN-3000-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3000-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
          },
          {
            "name": "DSA-3607",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3607"
          },
          {
            "name": "1036763",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036763"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
          },
          {
            "name": "USN-3002-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3002-1"
          },
          {
            "name": "USN-2996-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2996-1"
          },
          {
            "name": "SUSE-SU-2016:1672",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
          },
          {
            "name": "SUSE-SU-2016:2009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
          },
          {
            "name": "SUSE-SU-2016:1596",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
          },
          {
            "name": "RHSA-2017:2760",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2760"
          },
          {
            "name": "SUSE-SU-2016:2005",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
          },
          {
            "name": "SUSE-SU-2016:2007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
          },
          {
            "name": "USN-3007-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3007-1"
          },
          {
            "name": "SUSE-SU-2016:2000",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
          },
          {
            "name": "RHSA-2016:2124",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
          },
          {
            "name": "USN-3003-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3003-1"
          },
          {
            "name": "SUSE-SU-2016:1995",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
          },
          {
            "name": "SUSE-SU-2016:2105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
          },
          {
            "name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
          },
          {
            "name": "SUSE-SU-2016:2002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
          },
          {
            "name": "USN-2998-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2998-1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
          },
          {
            "name": "USN-3008-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-3008-1"
          },
          {
            "name": "SUSE-SU-2016:1937",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-06T21:57:01",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "USN-3006-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3006-1"
        },
        {
          "name": "USN-3004-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3004-1"
        },
        {
          "name": "SUSE-SU-2016:2010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
        },
        {
          "name": "RHSA-2016:2766",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
        },
        {
          "name": "USN-3001-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3001-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
        },
        {
          "name": "SUSE-SU-2016:1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
        },
        {
          "name": "SUSE-SU-2016:1994",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
        },
        {
          "name": "39992",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39992/"
        },
        {
          "name": "SUSE-SU-2016:1961",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
        },
        {
          "name": "USN-3005-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3005-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
        },
        {
          "name": "SUSE-SU-2016:1985",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
        },
        {
          "name": "91157",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/91157"
        },
        {
          "name": "openSUSE-SU-2016:2184",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
        },
        {
          "name": "USN-2999-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2999-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
        },
        {
          "name": "SUSE-SU-2016:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
        },
        {
          "name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
        },
        {
          "name": "SUSE-SU-2016:2014",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2016:1641",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
        },
        {
          "name": "USN-2997-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2997-1"
        },
        {
          "name": "USN-3000-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3000-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
        },
        {
          "name": "DSA-3607",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3607"
        },
        {
          "name": "1036763",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036763"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
        },
        {
          "name": "USN-3002-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3002-1"
        },
        {
          "name": "USN-2996-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2996-1"
        },
        {
          "name": "SUSE-SU-2016:1672",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
        },
        {
          "name": "SUSE-SU-2016:2009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
        },
        {
          "name": "SUSE-SU-2016:1596",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
        },
        {
          "name": "RHSA-2017:2760",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2760"
        },
        {
          "name": "SUSE-SU-2016:2005",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
        },
        {
          "name": "SUSE-SU-2016:2007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
        },
        {
          "name": "USN-3007-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3007-1"
        },
        {
          "name": "SUSE-SU-2016:2000",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
        },
        {
          "name": "RHSA-2016:2124",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
        },
        {
          "name": "USN-3003-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3003-1"
        },
        {
          "name": "SUSE-SU-2016:1995",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
        },
        {
          "name": "SUSE-SU-2016:2105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
        },
        {
          "name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
        },
        {
          "name": "SUSE-SU-2016:2002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
        },
        {
          "name": "USN-2998-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2998-1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
        },
        {
          "name": "USN-3008-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-3008-1"
        },
        {
          "name": "SUSE-SU-2016:1937",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2016-1583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3006-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3006-1"
            },
            {
              "name": "USN-3004-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3004-1"
            },
            {
              "name": "SUSE-SU-2016:2010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
            },
            {
              "name": "RHSA-2016:2766",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2766.html"
            },
            {
              "name": "USN-3001-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3001-1"
            },
            {
              "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
              "refsource": "CONFIRM",
              "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3"
            },
            {
              "name": "SUSE-SU-2016:1696",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d"
            },
            {
              "name": "SUSE-SU-2016:1994",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"
            },
            {
              "name": "39992",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39992/"
            },
            {
              "name": "SUSE-SU-2016:1961",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"
            },
            {
              "name": "USN-3005-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3005-1"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=836"
            },
            {
              "name": "SUSE-SU-2016:1985",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"
            },
            {
              "name": "91157",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/91157"
            },
            {
              "name": "openSUSE-SU-2016:2184",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"
            },
            {
              "name": "USN-2999-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2999-1"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87",
              "refsource": "CONFIRM",
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87"
            },
            {
              "name": "SUSE-SU-2016:2006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"
            },
            {
              "name": "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/10/8"
            },
            {
              "name": "SUSE-SU-2016:2014",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2016:1641",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html"
            },
            {
              "name": "USN-2997-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2997-1"
            },
            {
              "name": "USN-3000-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3000-1"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b",
              "refsource": "MISC",
              "url": "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b"
            },
            {
              "name": "DSA-3607",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3607"
            },
            {
              "name": "1036763",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036763"
            },
            {
              "name": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87",
              "refsource": "CONFIRM",
              "url": "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87"
            },
            {
              "name": "USN-3002-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3002-1"
            },
            {
              "name": "USN-2996-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2996-1"
            },
            {
              "name": "SUSE-SU-2016:1672",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"
            },
            {
              "name": "SUSE-SU-2016:2009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:1596",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html"
            },
            {
              "name": "RHSA-2017:2760",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2760"
            },
            {
              "name": "SUSE-SU-2016:2005",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"
            },
            {
              "name": "SUSE-SU-2016:2007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"
            },
            {
              "name": "USN-3007-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3007-1"
            },
            {
              "name": "SUSE-SU-2016:2000",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"
            },
            {
              "name": "RHSA-2016:2124",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2124.html"
            },
            {
              "name": "USN-3003-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3003-1"
            },
            {
              "name": "SUSE-SU-2016:1995",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"
            },
            {
              "name": "SUSE-SU-2016:2105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"
            },
            {
              "name": "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/06/22/1"
            },
            {
              "name": "SUSE-SU-2016:2002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1344721"
            },
            {
              "name": "USN-2998-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2998-1"
            },
            {
              "name": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html"
            },
            {
              "name": "USN-3008-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-3008-1"
            },
            {
              "name": "SUSE-SU-2016:1937",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2016-1583",
    "datePublished": "2016-06-27T10:00:00",
    "dateReserved": "2016-01-12T00:00:00",
    "dateUpdated": "2024-08-05T23:02:11.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2016:2002-1

Vulnerability from csaf_suse

CVE-2016-4470 (GCVE-0-2016-4470)

Vulnerability from cvelistv5

CVE-2016-4565 (GCVE-0-2016-4565)

Vulnerability from cvelistv5

CVE-2016-2053 (GCVE-0-2016-2053)

Vulnerability from cvelistv5

CVE-2016-0758 (GCVE-0-2016-0758)

Vulnerability from cvelistv5

CVE-2015-8816 (GCVE-0-2015-8816)

Vulnerability from cvelistv5

CVE-2016-3134 (GCVE-0-2016-3134)

Vulnerability from cvelistv5

CVE-2013-7446 (GCVE-0-2013-7446)

Vulnerability from cvelistv5

CVE-2016-1583 (GCVE-0-2016-1583)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature