csaf_suse - suse-su-2016:2006-1

Vulnerability from csaf_suse

Published

2016-08-09 11:23

Modified

2016-08-09 11:23

Summary

Security update for Linux Kernel Live Patch 12 for SLE 12

Notes

Title of the patch

Security update for Linux Kernel Live Patch 12 for SLE 12

Description of the patch

This update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed: - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).

Patchnames

SUSE-SLE-SAP-12-2016-1173,SUSE-SLE-SERVER-12-2016-1173

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "important",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for Linux Kernel Live Patch 12 for SLE 12",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\n\nThe following security bugs were fixed:\n- CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764).\n- CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144).\n- CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883).\n- CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856).\n- CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074).\n- CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064).\n- CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793).\n- CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837).\n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-SLE-SAP-12-2016-1173,SUSE-SLE-SERVER-12-2016-1173",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_2006-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2016:2006-1",
            url: "https://www.suse.com/support/update/announcement/2016/suse-su-20162006-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2016:2006-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2016-August/002192.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 955837",
            url: "https://bugzilla.suse.com/955837",
         },
         {
            category: "self",
            summary: "SUSE Bug 971793",
            url: "https://bugzilla.suse.com/971793",
         },
         {
            category: "self",
            summary: "SUSE Bug 973570",
            url: "https://bugzilla.suse.com/973570",
         },
         {
            category: "self",
            summary: "SUSE Bug 979064",
            url: "https://bugzilla.suse.com/979064",
         },
         {
            category: "self",
            summary: "SUSE Bug 979074",
            url: "https://bugzilla.suse.com/979074",
         },
         {
            category: "self",
            summary: "SUSE Bug 980856",
            url: "https://bugzilla.suse.com/980856",
         },
         {
            category: "self",
            summary: "SUSE Bug 980883",
            url: "https://bugzilla.suse.com/980883",
         },
         {
            category: "self",
            summary: "SUSE Bug 983144",
            url: "https://bugzilla.suse.com/983144",
         },
         {
            category: "self",
            summary: "SUSE Bug 984764",
            url: "https://bugzilla.suse.com/984764",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2013-7446 page",
            url: "https://www.suse.com/security/cve/CVE-2013-7446/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2015-8816 page",
            url: "https://www.suse.com/security/cve/CVE-2015-8816/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-0758 page",
            url: "https://www.suse.com/security/cve/CVE-2016-0758/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-1583 page",
            url: "https://www.suse.com/security/cve/CVE-2016-1583/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-2053 page",
            url: "https://www.suse.com/security/cve/CVE-2016-2053/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-3134 page",
            url: "https://www.suse.com/security/cve/CVE-2016-3134/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-4470 page",
            url: "https://www.suse.com/security/cve/CVE-2016-4470/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2016-4565 page",
            url: "https://www.suse.com/security/cve/CVE-2016-4565/",
         },
      ],
      title: "Security update for Linux Kernel Live Patch 12 for SLE 12",
      tracking: {
         current_release_date: "2016-08-09T11:23:24Z",
         generator: {
            date: "2016-08-09T11:23:24Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2016:2006-1",
         initial_release_date: "2016-08-09T11:23:24Z",
         revision_history: [
            {
               date: "2016-08-09T11:23:24Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                        product: {
                           name: "kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                           product_id: "kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                        product: {
                           name: "kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                           product_id: "kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Server for SAP Applications 12",
                        product: {
                           name: "SUSE Linux Enterprise Server for SAP Applications 12",
                           product_id: "SUSE Linux Enterprise Server for SAP Applications 12",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sles_sap:12",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Linux Enterprise Server 12-LTSS",
                        product: {
                           name: "SUSE Linux Enterprise Server 12-LTSS",
                           product_id: "SUSE Linux Enterprise Server 12-LTSS",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:sles-ltss:12",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
               product_id: "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
            },
            product_reference: "kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
               product_id: "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            },
            product_reference: "kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 12",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
               product_id: "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
            },
            product_reference: "kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
               product_id: "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            },
            product_reference: "kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            relates_to_product_reference: "SUSE Linux Enterprise Server 12-LTSS",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2013-7446",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2013-7446",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2013-7446",
               url: "https://www.suse.com/security/cve/CVE-2013-7446",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2013-7446",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 955654 for CVE-2013-7446",
               url: "https://bugzilla.suse.com/955654",
            },
            {
               category: "external",
               summary: "SUSE Bug 955837 for CVE-2013-7446",
               url: "https://bugzilla.suse.com/955837",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "moderate",
            },
         ],
         title: "CVE-2013-7446",
      },
      {
         cve: "CVE-2015-8816",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2015-8816",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2015-8816",
               url: "https://www.suse.com/security/cve/CVE-2015-8816",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2015-8816",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 968010 for CVE-2015-8816",
               url: "https://bugzilla.suse.com/968010",
            },
            {
               category: "external",
               summary: "SUSE Bug 979064 for CVE-2015-8816",
               url: "https://bugzilla.suse.com/979064",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "moderate",
            },
         ],
         title: "CVE-2015-8816",
      },
      {
         cve: "CVE-2016-0758",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-0758",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-0758",
               url: "https://www.suse.com/security/cve/CVE-2016-0758",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2016-0758",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 1072204 for CVE-2016-0758",
               url: "https://bugzilla.suse.com/1072204",
            },
            {
               category: "external",
               summary: "SUSE Bug 1115893 for CVE-2016-0758",
               url: "https://bugzilla.suse.com/1115893",
            },
            {
               category: "external",
               summary: "SUSE Bug 979867 for CVE-2016-0758",
               url: "https://bugzilla.suse.com/979867",
            },
            {
               category: "external",
               summary: "SUSE Bug 980856 for CVE-2016-0758",
               url: "https://bugzilla.suse.com/980856",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "important",
            },
         ],
         title: "CVE-2016-0758",
      },
      {
         cve: "CVE-2016-1583",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-1583",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-1583",
               url: "https://www.suse.com/security/cve/CVE-2016-1583",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2016-1583",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 1052256 for CVE-2016-1583",
               url: "https://bugzilla.suse.com/1052256",
            },
            {
               category: "external",
               summary: "SUSE Bug 983143 for CVE-2016-1583",
               url: "https://bugzilla.suse.com/983143",
            },
            {
               category: "external",
               summary: "SUSE Bug 983144 for CVE-2016-1583",
               url: "https://bugzilla.suse.com/983144",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 8.1,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "important",
            },
         ],
         title: "CVE-2016-1583",
      },
      {
         cve: "CVE-2016-2053",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-2053",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-2053",
               url: "https://www.suse.com/security/cve/CVE-2016-2053",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2016-2053",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 963762 for CVE-2016-2053",
               url: "https://bugzilla.suse.com/963762",
            },
            {
               category: "external",
               summary: "SUSE Bug 979074 for CVE-2016-2053",
               url: "https://bugzilla.suse.com/979074",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 4.7,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               products: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "moderate",
            },
         ],
         title: "CVE-2016-2053",
      },
      {
         cve: "CVE-2016-3134",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-3134",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-3134",
               url: "https://www.suse.com/security/cve/CVE-2016-3134",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 1052256 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/1052256",
            },
            {
               category: "external",
               summary: "SUSE Bug 1115893 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/1115893",
            },
            {
               category: "external",
               summary: "SUSE Bug 971126 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/971126",
            },
            {
               category: "external",
               summary: "SUSE Bug 971793 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/971793",
            },
            {
               category: "external",
               summary: "SUSE Bug 986362 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/986362",
            },
            {
               category: "external",
               summary: "SUSE Bug 986365 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/986365",
            },
            {
               category: "external",
               summary: "SUSE Bug 986377 for CVE-2016-3134",
               url: "https://bugzilla.suse.com/986377",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 8.4,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
               products: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "moderate",
            },
         ],
         title: "CVE-2016-3134",
      },
      {
         cve: "CVE-2016-4470",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-4470",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-4470",
               url: "https://www.suse.com/security/cve/CVE-2016-4470",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2016-4470",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 984755 for CVE-2016-4470",
               url: "https://bugzilla.suse.com/984755",
            },
            {
               category: "external",
               summary: "SUSE Bug 984764 for CVE-2016-4470",
               url: "https://bugzilla.suse.com/984764",
            },
            {
               category: "external",
               summary: "SUSE Bug 991651 for CVE-2016-4470",
               url: "https://bugzilla.suse.com/991651",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
               products: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "moderate",
            },
         ],
         title: "CVE-2016-4470",
      },
      {
         cve: "CVE-2016-4565",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2016-4565",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
               "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2016-4565",
               url: "https://www.suse.com/security/cve/CVE-2016-4565",
            },
            {
               category: "external",
               summary: "SUSE Bug 1020452 for CVE-2016-4565",
               url: "https://bugzilla.suse.com/1020452",
            },
            {
               category: "external",
               summary: "SUSE Bug 979548 for CVE-2016-4565",
               url: "https://bugzilla.suse.com/979548",
            },
            {
               category: "external",
               summary: "SUSE Bug 980363 for CVE-2016-4565",
               url: "https://bugzilla.suse.com/980363",
            },
            {
               category: "external",
               summary: "SUSE Bug 980883 for CVE-2016-4565",
               url: "https://bugzilla.suse.com/980883",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-default-2-2.2.x86_64",
                  "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_55-52_42-xen-2-2.2.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2016-08-09T11:23:24Z",
               details: "moderate",
            },
         ],
         title: "CVE-2016-4565",
      },
   ],
}

cve-2016-2053

Vulnerability from cvelistv5

Published

2016-05-02 10:00

Modified

2024-08-05 23:17

Severity ?

Summary

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1300237	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/01/25/4	mailing-list, x_refsource_MLIST
	https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2584.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2574.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.397Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SUSE-SU-2016:1690",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  name: "SUSE-SU-2016:2011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
               },
               {
                  name: "SUSE-SU-2016:2003",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1300237",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  name: "SUSE-SU-2016:2001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1985",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
               },
               {
                  name: "openSUSE-SU-2016:2184",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  name: "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/01/25/4",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
               },
               {
                  name: "RHSA-2016:2584",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "RHSA-2016:2574",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
               },
               {
                  name: "openSUSE-SU-2016:1641",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
               },
               {
                  name: "1036763",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036763",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
               },
               {
                  name: "SUSE-SU-2016:1672",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "SUSE-SU-2016:2000",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "SUSE-SU-2016:2105",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  name: "SUSE-SU-2016:1937",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-01-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SUSE-SU-2016:1690",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               name: "SUSE-SU-2016:2011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
            },
            {
               name: "SUSE-SU-2016:2003",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1300237",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               name: "SUSE-SU-2016:2001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1985",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
            },
            {
               name: "openSUSE-SU-2016:2184",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               name: "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/01/25/4",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
            },
            {
               name: "RHSA-2016:2584",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "RHSA-2016:2574",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
            },
            {
               name: "openSUSE-SU-2016:1641",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
            },
            {
               name: "1036763",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036763",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
            },
            {
               name: "SUSE-SU-2016:1672",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "SUSE-SU-2016:2000",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "SUSE-SU-2016:2105",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               name: "SUSE-SU-2016:1937",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2016-2053",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SUSE-SU-2016:1690",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
                  },
                  {
                     name: "SUSE-SU-2016:2010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
                  },
                  {
                     name: "SUSE-SU-2016:2011",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
                  },
                  {
                     name: "SUSE-SU-2016:2003",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1300237",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1300237",
                  },
                  {
                     name: "SUSE-SU-2016:1994",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
                  },
                  {
                     name: "SUSE-SU-2016:1961",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
                  },
                  {
                     name: "SUSE-SU-2016:2001",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
                  },
                  {
                     name: "SUSE-SU-2016:1985",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
                  },
                  {
                     name: "openSUSE-SU-2016:2184",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
                  },
                  {
                     name: "SUSE-SU-2016:2006",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
                  },
                  {
                     name: "[oss-security] 20160125 Re: Linux kernel : Denial of service with specially crafted key file.",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/01/25/4",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
                     refsource: "CONFIRM",
                     url: "https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
                  },
                  {
                     name: "RHSA-2016:2584",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2584.html",
                  },
                  {
                     name: "SUSE-SU-2016:2014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
                  },
                  {
                     name: "RHSA-2016:2574",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2574.html",
                  },
                  {
                     name: "openSUSE-SU-2016:1641",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
                  },
                  {
                     name: "1036763",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036763",
                  },
                  {
                     name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
                     refsource: "CONFIRM",
                     url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f",
                  },
                  {
                     name: "SUSE-SU-2016:1672",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
                  },
                  {
                     name: "SUSE-SU-2016:2009",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
                  },
                  {
                     name: "SUSE-SU-2016:2005",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
                  },
                  {
                     name: "SUSE-SU-2016:2007",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
                  },
                  {
                     name: "SUSE-SU-2016:2000",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
                  },
                  {
                     name: "SUSE-SU-2016:1995",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
                  },
                  {
                     name: "SUSE-SU-2016:2105",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
                  },
                  {
                     name: "SUSE-SU-2016:2002",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
                  },
                  {
                     name: "SUSE-SU-2016:1937",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2016-2053",
      datePublished: "2016-05-02T10:00:00",
      dateReserved: "2016-01-25T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.397Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0758

Vulnerability from cvelistv5

Published

2016-06-27 10:00

Modified

2024-08-05 22:30

Severity ?

Summary

Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.

References

▼	URL	Tags
	http://www.ubuntu.com/usn/USN-2979-4	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1055.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://source.android.com/security/bulletin/2016-10-01.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/05/12/9	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1033.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1300257	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1051.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/90626	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:04.558Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-2979-4",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2979-4",
               },
               {
                  name: "SUSE-SU-2016:1690",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  name: "SUSE-SU-2016:2011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
               },
               {
                  name: "SUSE-SU-2016:2003",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  name: "RHSA-2016:1055",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1055.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  name: "SUSE-SU-2016:2001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1985",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
               },
               {
                  name: "openSUSE-SU-2016:2184",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://source.android.com/security/bulletin/2016-10-01.html",
               },
               {
                  name: "[oss-security] 20160513 CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/05/12/9",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "RHSA-2016:1033",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1033.html",
               },
               {
                  name: "openSUSE-SU-2016:1641",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1300257",
               },
               {
                  name: "SUSE-SU-2016:1672",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
               },
               {
                  name: "RHSA-2016:1051",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1051.html",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "90626",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/90626",
               },
               {
                  name: "SUSE-SU-2016:2000",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "SUSE-SU-2016:2105",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  name: "HPSBHF3548",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_HP",
                     "x_transferred",
                  ],
                  url: "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555",
               },
               {
                  name: "SUSE-SU-2016:1937",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-02-01T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-11-25T20:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "USN-2979-4",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2979-4",
            },
            {
               name: "SUSE-SU-2016:1690",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               name: "SUSE-SU-2016:2011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
            },
            {
               name: "SUSE-SU-2016:2003",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               name: "RHSA-2016:1055",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1055.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               name: "SUSE-SU-2016:2001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1985",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
            },
            {
               name: "openSUSE-SU-2016:2184",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://source.android.com/security/bulletin/2016-10-01.html",
            },
            {
               name: "[oss-security] 20160513 CVE-2016-0758 - Linux kernel - Flaw in ASN.1 DER decoder for x509 certificate DER files.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/05/12/9",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "RHSA-2016:1033",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1033.html",
            },
            {
               name: "openSUSE-SU-2016:1641",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1300257",
            },
            {
               name: "SUSE-SU-2016:1672",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
            },
            {
               name: "RHSA-2016:1051",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1051.html",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "90626",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/90626",
            },
            {
               name: "SUSE-SU-2016:2000",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "SUSE-SU-2016:2105",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               name: "HPSBHF3548",
               tags: [
                  "vendor-advisory",
                  "x_refsource_HP",
               ],
               url: "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158555",
            },
            {
               name: "SUSE-SU-2016:1937",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0758",
      datePublished: "2016-06-27T10:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:04.558Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3134

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-05 23:47

Severity ?

Summary

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309	x_refsource_CONFIRM
	https://code.google.com/p/google-security-research/issues/detail?id=758	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2930-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1317383	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2930-2	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1847.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3049-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-1875.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2930-3	vendor-advisory, x_refsource_UBUNTU
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2929-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2932-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3050-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1883.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2931-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2929-2	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/84305	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:47:57.222Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SUSE-SU-2016:1690",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://code.google.com/p/google-security-research/issues/detail?id=758",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  name: "USN-2930-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2930-1",
               },
               {
                  name: "SUSE-SU-2016:1696",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
               },
               {
                  name: "USN-2930-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2930-2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
               },
               {
                  name: "SUSE-SU-2016:2001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1985",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
               },
               {
                  name: "RHSA-2016:1847",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  name: "USN-3049-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3049-1",
               },
               {
                  name: "RHSA-2016:1875",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "openSUSE-SU-2016:1641",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
               },
               {
                  name: "SUSE-SU-2016:1764",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
               },
               {
                  name: "USN-2930-3",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2930-3",
               },
               {
                  name: "DSA-3607",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3607",
               },
               {
                  name: "1036763",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036763",
               },
               {
                  name: "SUSE-SU-2016:1672",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  name: "USN-2929-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2929-1",
               },
               {
                  name: "USN-2932-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2932-1",
               },
               {
                  name: "USN-3050-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3050-1",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "SUSE-SU-2016:2074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
               },
               {
                  name: "SUSE-SU-2016:2000",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
               },
               {
                  name: "RHSA-2016:1883",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  name: "USN-2931-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2931-1",
               },
               {
                  name: "USN-2929-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2929-2",
               },
               {
                  name: "84305",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/84305",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-04-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-06T16:15:29",
            orgId: "f81092c5-7f14-476d-80dc-24857f90be84",
            shortName: "microfocus",
         },
         references: [
            {
               name: "SUSE-SU-2016:1690",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://code.google.com/p/google-security-research/issues/detail?id=758",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               name: "USN-2930-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2930-1",
            },
            {
               name: "SUSE-SU-2016:1696",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
            },
            {
               name: "USN-2930-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2930-2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
            },
            {
               name: "SUSE-SU-2016:2001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1985",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
            },
            {
               name: "RHSA-2016:1847",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               name: "USN-3049-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3049-1",
            },
            {
               name: "RHSA-2016:1875",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "openSUSE-SU-2016:1641",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
            },
            {
               name: "SUSE-SU-2016:1764",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
            },
            {
               name: "USN-2930-3",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2930-3",
            },
            {
               name: "DSA-3607",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3607",
            },
            {
               name: "1036763",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036763",
            },
            {
               name: "SUSE-SU-2016:1672",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               name: "USN-2929-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2929-1",
            },
            {
               name: "USN-2932-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2932-1",
            },
            {
               name: "USN-3050-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3050-1",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "SUSE-SU-2016:2074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
            },
            {
               name: "SUSE-SU-2016:2000",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
            },
            {
               name: "RHSA-2016:1883",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               name: "USN-2931-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2931-1",
            },
            {
               name: "USN-2929-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2929-2",
            },
            {
               name: "84305",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/84305",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@microfocus.com",
               ID: "CVE-2016-3134",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SUSE-SU-2016:1690",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
                     refsource: "CONFIRM",
                     url: "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
                  },
                  {
                     name: "https://code.google.com/p/google-security-research/issues/detail?id=758",
                     refsource: "MISC",
                     url: "https://code.google.com/p/google-security-research/issues/detail?id=758",
                  },
                  {
                     name: "SUSE-SU-2016:2010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
                  },
                  {
                     name: "USN-2930-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2930-1",
                  },
                  {
                     name: "SUSE-SU-2016:1696",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1317383",
                  },
                  {
                     name: "SUSE-SU-2016:1994",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  },
                  {
                     name: "SUSE-SU-2016:1961",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
                  },
                  {
                     name: "USN-2930-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2930-2",
                  },
                  {
                     name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
                     refsource: "CONFIRM",
                     url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309",
                  },
                  {
                     name: "SUSE-SU-2016:2001",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
                  },
                  {
                     name: "SUSE-SU-2016:1985",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
                  },
                  {
                     name: "RHSA-2016:1847",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1847.html",
                  },
                  {
                     name: "SUSE-SU-2016:2006",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
                  },
                  {
                     name: "USN-3049-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3049-1",
                  },
                  {
                     name: "RHSA-2016:1875",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1875.html",
                  },
                  {
                     name: "SUSE-SU-2016:2014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
                  },
                  {
                     name: "openSUSE-SU-2016:1641",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
                  },
                  {
                     name: "SUSE-SU-2016:1764",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
                  },
                  {
                     name: "USN-2930-3",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2930-3",
                  },
                  {
                     name: "DSA-3607",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3607",
                  },
                  {
                     name: "1036763",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036763",
                  },
                  {
                     name: "SUSE-SU-2016:1672",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
                  },
                  {
                     name: "SUSE-SU-2016:2009",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
                  },
                  {
                     name: "USN-2929-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2929-1",
                  },
                  {
                     name: "USN-2932-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2932-1",
                  },
                  {
                     name: "USN-3050-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3050-1",
                  },
                  {
                     name: "SUSE-SU-2016:2005",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
                  },
                  {
                     name: "SUSE-SU-2016:2007",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
                  },
                  {
                     name: "SUSE-SU-2016:2074",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                  },
                  {
                     name: "SUSE-SU-2016:2000",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
                  },
                  {
                     name: "RHSA-2016:1883",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1883.html",
                  },
                  {
                     name: "SUSE-SU-2016:1995",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
                  },
                  {
                     name: "SUSE-SU-2016:2002",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
                  },
                  {
                     name: "USN-2931-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2931-1",
                  },
                  {
                     name: "USN-2929-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2929-2",
                  },
                  {
                     name: "84305",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/84305",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f81092c5-7f14-476d-80dc-24857f90be84",
      assignerShortName: "microfocus",
      cveId: "CVE-2016-3134",
      datePublished: "2016-04-27T17:00:00",
      dateReserved: "2016-03-13T00:00:00",
      dateUpdated: "2024-08-05T23:47:57.222Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4470

Vulnerability from cvelistv5

Published

2016-06-27 10:00

Modified

2024-08-06 00:32

Severity ?

Summary

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

References

▼	URL	Tags
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3054-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3051-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-2128.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2133.html	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3053-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3055-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3056-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3052-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3049-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-1541.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2016-1539.html	vendor-advisory, x_refsource_REDHAT
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	http://rhn.redhat.com/errata/RHSA-2016-1532.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-2006.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2016/06/15/11	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=1341716	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3050-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2076.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3057-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2074.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:32:25.328Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  name: "SUSE-SU-2016:2011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
               },
               {
                  name: "USN-3054-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3054-1",
               },
               {
                  name: "SUSE-SU-2016:2003",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
               },
               {
                  name: "RHSA-2016:1657",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1657.html",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  name: "USN-3051-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3051-1",
               },
               {
                  name: "RHSA-2016:2128",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2128.html",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  name: "RHSA-2016:2133",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2133.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
               },
               {
                  name: "SUSE-SU-2016:2001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1985",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
               },
               {
                  name: "USN-3053-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3053-1",
               },
               {
                  name: "openSUSE-SU-2016:2184",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
               },
               {
                  name: "SUSE-SU-2016:1998",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html",
               },
               {
                  name: "USN-3055-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3055-1",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  name: "USN-3056-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3056-1",
               },
               {
                  name: "USN-3052-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3052-1",
               },
               {
                  name: "USN-3049-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3049-1",
               },
               {
                  name: "RHSA-2016:1541",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1541.html",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "SUSE-SU-2016:2018",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html",
               },
               {
                  name: "DSA-3607",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3607",
               },
               {
                  name: "RHSA-2016:1539",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1539.html",
               },
               {
                  name: "1036763",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036763",
               },
               {
                  name: "RHSA-2016:1532",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1532.html",
               },
               {
                  name: "RHSA-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2006.html",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a",
               },
               {
                  name: "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/15/11",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1341716",
               },
               {
                  name: "USN-3050-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3050-1",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "SUSE-SU-2016:1999",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html",
               },
               {
                  name: "SUSE-SU-2016:2000",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
               },
               {
                  name: "RHSA-2016:2076",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2076.html",
               },
               {
                  name: "USN-3057-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3057-1",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "RHSA-2016:2074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2074.html",
               },
               {
                  name: "SUSE-SU-2016:2105",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a",
               },
               {
                  name: "SUSE-SU-2016:1937",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-15T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               name: "SUSE-SU-2016:2011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
            },
            {
               name: "USN-3054-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3054-1",
            },
            {
               name: "SUSE-SU-2016:2003",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
            },
            {
               name: "RHSA-2016:1657",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1657.html",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               name: "USN-3051-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3051-1",
            },
            {
               name: "RHSA-2016:2128",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2128.html",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               name: "RHSA-2016:2133",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2133.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
            },
            {
               name: "SUSE-SU-2016:2001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1985",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
            },
            {
               name: "USN-3053-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3053-1",
            },
            {
               name: "openSUSE-SU-2016:2184",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
            },
            {
               name: "SUSE-SU-2016:1998",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html",
            },
            {
               name: "USN-3055-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3055-1",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               name: "USN-3056-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3056-1",
            },
            {
               name: "USN-3052-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3052-1",
            },
            {
               name: "USN-3049-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3049-1",
            },
            {
               name: "RHSA-2016:1541",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1541.html",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "SUSE-SU-2016:2018",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html",
            },
            {
               name: "DSA-3607",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3607",
            },
            {
               name: "RHSA-2016:1539",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1539.html",
            },
            {
               name: "1036763",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036763",
            },
            {
               name: "RHSA-2016:1532",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1532.html",
            },
            {
               name: "RHSA-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2006.html",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a",
            },
            {
               name: "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/15/11",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1341716",
            },
            {
               name: "USN-3050-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3050-1",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "SUSE-SU-2016:1999",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html",
            },
            {
               name: "SUSE-SU-2016:2000",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
            },
            {
               name: "RHSA-2016:2076",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2076.html",
            },
            {
               name: "USN-3057-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3057-1",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "RHSA-2016:2074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2074.html",
            },
            {
               name: "SUSE-SU-2016:2105",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a",
            },
            {
               name: "SUSE-SU-2016:1937",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-4470",
      datePublished: "2016-06-27T10:00:00",
      dateReserved: "2016-05-02T00:00:00",
      dateUpdated: "2024-08-06T00:32:25.328Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2015-8816

Vulnerability from cvelistv5

Published

2016-04-27 17:00

Modified

2024-08-06 08:29

Severity ?

Summary

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2016/dsa-3503	vendor-advisory, x_refsource_DEBIAN
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/83363	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1311589	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://source.android.com/security/bulletin/2016-07-01.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/02/23/5	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T08:29:22.034Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SUSE-SU-2016:1690",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  name: "SUSE-SU-2016:2001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
               },
               {
                  name: "DSA-3503",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3503",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "83363",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/83363",
               },
               {
                  name: "SUSE-SU-2016:1764",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589",
               },
               {
                  name: "SUSE-SU-2016:1707",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html",
               },
               {
                  name: "SUSE-SU-2016:1672",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
               },
               {
                  name: "SUSE-SU-2016:1019",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://source.android.com/security/bulletin/2016-07-01.html",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  name: "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/02/23/5",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "SUSE-SU-2016:2074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-01-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-11-30T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SUSE-SU-2016:1690",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               name: "SUSE-SU-2016:2001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
            },
            {
               name: "DSA-3503",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3503",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "83363",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/83363",
            },
            {
               name: "SUSE-SU-2016:1764",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589",
            },
            {
               name: "SUSE-SU-2016:1707",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html",
            },
            {
               name: "SUSE-SU-2016:1672",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
            },
            {
               name: "SUSE-SU-2016:1019",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://source.android.com/security/bulletin/2016-07-01.html",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               name: "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/02/23/5",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "SUSE-SU-2016:2074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2015-8816",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SUSE-SU-2016:1690",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
                  },
                  {
                     name: "SUSE-SU-2016:2010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
                     refsource: "CONFIRM",
                     url: "https://github.com/torvalds/linux/commit/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
                  },
                  {
                     name: "SUSE-SU-2016:1994",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  },
                  {
                     name: "SUSE-SU-2016:1961",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
                  },
                  {
                     name: "SUSE-SU-2016:2001",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
                  },
                  {
                     name: "DSA-3503",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3503",
                  },
                  {
                     name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5",
                     refsource: "CONFIRM",
                     url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.5",
                  },
                  {
                     name: "SUSE-SU-2016:2006",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
                  },
                  {
                     name: "SUSE-SU-2016:2014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
                  },
                  {
                     name: "83363",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/83363",
                  },
                  {
                     name: "SUSE-SU-2016:1764",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1311589",
                  },
                  {
                     name: "SUSE-SU-2016:1707",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html",
                  },
                  {
                     name: "SUSE-SU-2016:1672",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
                  },
                  {
                     name: "SUSE-SU-2016:1019",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html",
                  },
                  {
                     name: "http://source.android.com/security/bulletin/2016-07-01.html",
                     refsource: "CONFIRM",
                     url: "http://source.android.com/security/bulletin/2016-07-01.html",
                  },
                  {
                     name: "SUSE-SU-2016:2009",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
                  },
                  {
                     name: "[oss-security] 20160223 CVE Request: Linux kernel USB hub invalid memory access in hub_activate()",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/02/23/5",
                  },
                  {
                     name: "SUSE-SU-2016:2005",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
                  },
                  {
                     name: "SUSE-SU-2016:2007",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
                  },
                  {
                     name: "SUSE-SU-2016:2074",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
                  },
                  {
                     name: "SUSE-SU-2016:1995",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
                  },
                  {
                     name: "SUSE-SU-2016:2002",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
                  },
                  {
                     name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
                     refsource: "CONFIRM",
                     url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e50293ef9775c5f1cf3fcc093037dd6a8c5684ea",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2015-8816",
      datePublished: "2016-04-27T17:00:00",
      dateReserved: "2016-02-23T00:00:00",
      dateUpdated: "2024-08-06T08:29:22.034Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-4565

Vulnerability from cvelistv5

Published

2016-05-23 10:00

Modified

2024-08-06 00:32

Severity ?

Summary

The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3006-1	vendor-advisory, x_refsource_UBUNTU
	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3004-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3001-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1640.html	vendor-advisory, x_refsource_REDHAT
	http://rhn.redhat.com/errata/RHSA-2016-1657.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/90301	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2016:1406	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2016:1341	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3005-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2016:1301	vendor-advisory, x_refsource_REDHAT
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-1814.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3018-2	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3021-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1489.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3019-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3	x_refsource_CONFIRM
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-3002-1	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1310570	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3021-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3018-1	vendor-advisory, x_refsource_UBUNTU
	http://rhn.redhat.com/errata/RHSA-2016-1617.html	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3007-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3003-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-1581.html	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2016:1277	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2016/05/07/1	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T00:32:25.910Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SUSE-SU-2016:1690",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
               },
               {
                  name: "USN-3006-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3006-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
               },
               {
                  name: "USN-3004-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3004-1",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  name: "SUSE-SU-2016:2011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
               },
               {
                  name: "USN-3001-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3001-1",
               },
               {
                  name: "SUSE-SU-2016:2003",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
               },
               {
                  name: "RHSA-2016:1640",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1640.html",
               },
               {
                  name: "RHSA-2016:1657",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1657.html",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  name: "90301",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/90301",
               },
               {
                  name: "RHSA-2016:1406",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1406",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
               },
               {
                  name: "RHSA-2016:1341",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1341",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  name: "USN-3005-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3005-1",
               },
               {
                  name: "SUSE-SU-2016:2001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
               },
               {
                  name: "SUSE-SU-2016:1985",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
               },
               {
                  name: "RHSA-2016:1301",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1301",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
               },
               {
                  name: "RHSA-2016:1814",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1814.html",
               },
               {
                  name: "openSUSE-SU-2016:2184",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
               },
               {
                  name: "USN-3018-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3018-2",
               },
               {
                  name: "USN-3021-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3021-2",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "RHSA-2016:1489",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1489.html",
               },
               {
                  name: "USN-3019-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3019-1",
               },
               {
                  name: "openSUSE-SU-2016:1641",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
               },
               {
                  name: "DSA-3607",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3607",
               },
               {
                  name: "USN-3002-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3002-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310570",
               },
               {
                  name: "SUSE-SU-2016:1672",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  name: "USN-3021-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3021-1",
               },
               {
                  name: "USN-3018-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3018-1",
               },
               {
                  name: "RHSA-2016:1617",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1617.html",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "USN-3007-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3007-1",
               },
               {
                  name: "SUSE-SU-2016:2000",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
               },
               {
                  name: "USN-3003-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3003-1",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "SUSE-SU-2016:2105",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  name: "RHSA-2016:1581",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-1581.html",
               },
               {
                  name: "RHSA-2016:1277",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2016:1277",
               },
               {
                  name: "[oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface'",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/05/07/1",
               },
               {
                  name: "SUSE-SU-2016:1937",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-05-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-01-04T19:57:01",
            orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
            shortName: "debian",
         },
         references: [
            {
               name: "SUSE-SU-2016:1690",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
            },
            {
               name: "USN-3006-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3006-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
            },
            {
               name: "USN-3004-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3004-1",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               name: "SUSE-SU-2016:2011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
            },
            {
               name: "USN-3001-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3001-1",
            },
            {
               name: "SUSE-SU-2016:2003",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
            },
            {
               name: "RHSA-2016:1640",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1640.html",
            },
            {
               name: "RHSA-2016:1657",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1657.html",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               name: "90301",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/90301",
            },
            {
               name: "RHSA-2016:1406",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1406",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
            },
            {
               name: "RHSA-2016:1341",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1341",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               name: "USN-3005-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3005-1",
            },
            {
               name: "SUSE-SU-2016:2001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
            },
            {
               name: "SUSE-SU-2016:1985",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
            },
            {
               name: "RHSA-2016:1301",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1301",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
            },
            {
               name: "RHSA-2016:1814",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1814.html",
            },
            {
               name: "openSUSE-SU-2016:2184",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
            },
            {
               name: "USN-3018-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3018-2",
            },
            {
               name: "USN-3021-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3021-2",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "RHSA-2016:1489",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1489.html",
            },
            {
               name: "USN-3019-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3019-1",
            },
            {
               name: "openSUSE-SU-2016:1641",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
            },
            {
               name: "DSA-3607",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3607",
            },
            {
               name: "USN-3002-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3002-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310570",
            },
            {
               name: "SUSE-SU-2016:1672",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               name: "USN-3021-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3021-1",
            },
            {
               name: "USN-3018-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3018-1",
            },
            {
               name: "RHSA-2016:1617",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1617.html",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "USN-3007-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3007-1",
            },
            {
               name: "SUSE-SU-2016:2000",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
            },
            {
               name: "USN-3003-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3003-1",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "SUSE-SU-2016:2105",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               name: "RHSA-2016:1581",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-1581.html",
            },
            {
               name: "RHSA-2016:1277",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2016:1277",
            },
            {
               name: "[oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface'",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/05/07/1",
            },
            {
               name: "SUSE-SU-2016:1937",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@debian.org",
               ID: "CVE-2016-4565",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SUSE-SU-2016:1690",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html",
                  },
                  {
                     name: "USN-3006-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3006-1",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
                  },
                  {
                     name: "USN-3004-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3004-1",
                  },
                  {
                     name: "SUSE-SU-2016:2010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
                  },
                  {
                     name: "SUSE-SU-2016:2011",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
                  },
                  {
                     name: "USN-3001-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3001-1",
                  },
                  {
                     name: "SUSE-SU-2016:2003",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
                  },
                  {
                     name: "RHSA-2016:1640",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1640.html",
                  },
                  {
                     name: "RHSA-2016:1657",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1657.html",
                  },
                  {
                     name: "SUSE-SU-2016:1994",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
                  },
                  {
                     name: "90301",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/90301",
                  },
                  {
                     name: "RHSA-2016:1406",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1406",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  },
                  {
                     name: "RHSA-2016:1341",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1341",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
                  },
                  {
                     name: "SUSE-SU-2016:1961",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
                  },
                  {
                     name: "USN-3005-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3005-1",
                  },
                  {
                     name: "SUSE-SU-2016:2001",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
                  },
                  {
                     name: "SUSE-SU-2016:1985",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
                  },
                  {
                     name: "RHSA-2016:1301",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1301",
                  },
                  {
                     name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
                     refsource: "CONFIRM",
                     url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
                  },
                  {
                     name: "RHSA-2016:1814",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1814.html",
                  },
                  {
                     name: "openSUSE-SU-2016:2184",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
                     refsource: "CONFIRM",
                     url: "https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3",
                  },
                  {
                     name: "USN-3018-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3018-2",
                  },
                  {
                     name: "USN-3021-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3021-2",
                  },
                  {
                     name: "SUSE-SU-2016:2006",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
                  },
                  {
                     name: "SUSE-SU-2016:2014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
                  },
                  {
                     name: "RHSA-2016:1489",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1489.html",
                  },
                  {
                     name: "USN-3019-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3019-1",
                  },
                  {
                     name: "openSUSE-SU-2016:1641",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
                  },
                  {
                     name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
                     refsource: "CONFIRM",
                     url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3",
                  },
                  {
                     name: "DSA-3607",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3607",
                  },
                  {
                     name: "USN-3002-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3002-1",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1310570",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1310570",
                  },
                  {
                     name: "SUSE-SU-2016:1672",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
                  },
                  {
                     name: "SUSE-SU-2016:2009",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
                  },
                  {
                     name: "USN-3021-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3021-1",
                  },
                  {
                     name: "USN-3018-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3018-1",
                  },
                  {
                     name: "RHSA-2016:1617",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1617.html",
                  },
                  {
                     name: "SUSE-SU-2016:2005",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
                  },
                  {
                     name: "SUSE-SU-2016:2007",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
                  },
                  {
                     name: "USN-3007-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3007-1",
                  },
                  {
                     name: "SUSE-SU-2016:2000",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
                  },
                  {
                     name: "USN-3003-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3003-1",
                  },
                  {
                     name: "SUSE-SU-2016:1995",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
                  },
                  {
                     name: "SUSE-SU-2016:2105",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
                  },
                  {
                     name: "SUSE-SU-2016:2002",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
                  },
                  {
                     name: "RHSA-2016:1581",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-1581.html",
                  },
                  {
                     name: "RHSA-2016:1277",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2016:1277",
                  },
                  {
                     name: "[oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface'",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/05/07/1",
                  },
                  {
                     name: "SUSE-SU-2016:1937",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5",
      assignerShortName: "debian",
      cveId: "CVE-2016-4565",
      datePublished: "2016-05-23T10:00:00",
      dateReserved: "2016-05-07T00:00:00",
      dateUpdated: "2024-08-06T00:32:25.910Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-7446

Vulnerability from cvelistv5

Published

2015-12-28 11:00

Modified

2024-08-06 18:09

Severity ?

Summary

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.

References

▼	URL	Tags
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1034557	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2887-2	vendor-advisory, x_refsource_UBUNTU
	https://forums.grsecurity.net/viewtopic.php?f=3&t=4150	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	vendor-advisory, x_refsource_SUSE
	http://www.spinics.net/lists/netdev/msg318826.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2886-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2887-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2890-3	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2889-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2889-2	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html	vendor-advisory, x_refsource_SUSE
	https://lkml.org/lkml/2015/9/13/195	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html	vendor-advisory, x_refsource_SUSE
	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/77638	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	https://lkml.org/lkml/2014/5/15/532	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2890-2	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=1282688	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2015/dsa-3426	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2015/11/18/16	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://lkml.org/lkml/2013/10/14/424	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2890-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2888-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:09:16.999Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "SUSE-SU-2016:0750",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8",
               },
               {
                  name: "1034557",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1034557",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  name: "SUSE-SU-2016:2011",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
               },
               {
                  name: "SUSE-SU-2016:2003",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
               },
               {
                  name: "SUSE-SU-2016:0751",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html",
               },
               {
                  name: "SUSE-SU-2016:0747",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html",
               },
               {
                  name: "SUSE-SU-2016:0755",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  name: "USN-2887-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2887-2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150",
               },
               {
                  name: "SUSE-SU-2016:0757",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  name: "SUSE-SU-2016:2001",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
               },
               {
                  name: "[netdev] 20150304 [PATCH net] af_unix: don't poll dead peers",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.spinics.net/lists/netdev/msg318826.html",
               },
               {
                  name: "SUSE-SU-2016:0753",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html",
               },
               {
                  name: "USN-2886-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2886-1",
               },
               {
                  name: "USN-2887-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2887-1",
               },
               {
                  name: "USN-2890-3",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2890-3",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c",
               },
               {
                  name: "USN-2889-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2889-1",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "openSUSE-SU-2016:1641",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
               },
               {
                  name: "USN-2889-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2889-2",
               },
               {
                  name: "SUSE-SU-2016:0746",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html",
               },
               {
                  name: "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lkml.org/lkml/2015/9/13/195",
               },
               {
                  name: "SUSE-SU-2016:0749",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html",
               },
               {
                  name: "SUSE-SU-2016:1102",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
               },
               {
                  name: "77638",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/77638",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lkml.org/lkml/2014/5/15/532",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "SUSE-SU-2016:2074",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
               },
               {
                  name: "USN-2890-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2890-2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282688",
               },
               {
                  name: "SUSE-SU-2016:2000",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
               },
               {
                  name: "SUSE-SU-2016:0745",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html",
               },
               {
                  name: "DSA-3426",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2015/dsa-3426",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2015/11/18/16",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  name: "[linux-kernel] 20131014 Re: epoll oops.",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lkml.org/lkml/2013/10/14/424",
               },
               {
                  name: "SUSE-SU-2016:0756",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c",
               },
               {
                  name: "USN-2890-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2890-1",
               },
               {
                  name: "SUSE-SU-2016:0754",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html",
               },
               {
                  name: "SUSE-SU-2016:0752",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html",
               },
               {
                  name: "USN-2888-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2888-1",
               },
               {
                  name: "SUSE-SU-2016:0911",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-10-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2016-12-05T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "SUSE-SU-2016:0750",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://groups.google.com/forum/#%21topic/syzkaller/3twDUI4Cpm8",
            },
            {
               name: "1034557",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1034557",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               name: "SUSE-SU-2016:2011",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
            },
            {
               name: "SUSE-SU-2016:2003",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
            },
            {
               name: "SUSE-SU-2016:0751",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html",
            },
            {
               name: "SUSE-SU-2016:0747",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html",
            },
            {
               name: "SUSE-SU-2016:0755",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               name: "USN-2887-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2887-2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150",
            },
            {
               name: "SUSE-SU-2016:0757",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               name: "SUSE-SU-2016:2001",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
            },
            {
               name: "[netdev] 20150304 [PATCH net] af_unix: don't poll dead peers",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.spinics.net/lists/netdev/msg318826.html",
            },
            {
               name: "SUSE-SU-2016:0753",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html",
            },
            {
               name: "USN-2886-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2886-1",
            },
            {
               name: "USN-2887-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2887-1",
            },
            {
               name: "USN-2890-3",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2890-3",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c",
            },
            {
               name: "USN-2889-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2889-1",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "openSUSE-SU-2016:1641",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
            },
            {
               name: "USN-2889-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2889-2",
            },
            {
               name: "SUSE-SU-2016:0746",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html",
            },
            {
               name: "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lkml.org/lkml/2015/9/13/195",
            },
            {
               name: "SUSE-SU-2016:0749",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html",
            },
            {
               name: "SUSE-SU-2016:1102",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
            },
            {
               name: "77638",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/77638",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lkml.org/lkml/2014/5/15/532",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "SUSE-SU-2016:2074",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
            },
            {
               name: "USN-2890-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2890-2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282688",
            },
            {
               name: "SUSE-SU-2016:2000",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
            },
            {
               name: "SUSE-SU-2016:0745",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html",
            },
            {
               name: "DSA-3426",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2015/dsa-3426",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2015/11/18/16",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               name: "[linux-kernel] 20131014 Re: epoll oops.",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lkml.org/lkml/2013/10/14/424",
            },
            {
               name: "SUSE-SU-2016:0756",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c",
            },
            {
               name: "USN-2890-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2890-1",
            },
            {
               name: "SUSE-SU-2016:0754",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html",
            },
            {
               name: "SUSE-SU-2016:0752",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html",
            },
            {
               name: "USN-2888-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2888-1",
            },
            {
               name: "SUSE-SU-2016:0911",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-7446",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "SUSE-SU-2016:0750",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html",
                  },
                  {
                     name: "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8",
                     refsource: "CONFIRM",
                     url: "https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8",
                  },
                  {
                     name: "1034557",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1034557",
                  },
                  {
                     name: "SUSE-SU-2016:2010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
                  },
                  {
                     name: "SUSE-SU-2016:2011",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html",
                  },
                  {
                     name: "SUSE-SU-2016:2003",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html",
                  },
                  {
                     name: "SUSE-SU-2016:0751",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html",
                  },
                  {
                     name: "SUSE-SU-2016:0747",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html",
                  },
                  {
                     name: "SUSE-SU-2016:0755",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html",
                  },
                  {
                     name: "SUSE-SU-2016:1994",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
                  },
                  {
                     name: "USN-2887-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2887-2",
                  },
                  {
                     name: "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150",
                     refsource: "MISC",
                     url: "https://forums.grsecurity.net/viewtopic.php?f=3&t=4150",
                  },
                  {
                     name: "SUSE-SU-2016:0757",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html",
                  },
                  {
                     name: "SUSE-SU-2016:1961",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
                  },
                  {
                     name: "SUSE-SU-2016:2001",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html",
                  },
                  {
                     name: "[netdev] 20150304 [PATCH net] af_unix: don't poll dead peers",
                     refsource: "MLIST",
                     url: "http://www.spinics.net/lists/netdev/msg318826.html",
                  },
                  {
                     name: "SUSE-SU-2016:0753",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html",
                  },
                  {
                     name: "USN-2886-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2886-1",
                  },
                  {
                     name: "USN-2887-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2887-1",
                  },
                  {
                     name: "USN-2890-3",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2890-3",
                  },
                  {
                     name: "SUSE-SU-2016:2006",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
                  },
                  {
                     name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c",
                     refsource: "CONFIRM",
                     url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c",
                  },
                  {
                     name: "USN-2889-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2889-1",
                  },
                  {
                     name: "SUSE-SU-2016:2014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
                  },
                  {
                     name: "openSUSE-SU-2016:1641",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
                  },
                  {
                     name: "USN-2889-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2889-2",
                  },
                  {
                     name: "SUSE-SU-2016:0746",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html",
                  },
                  {
                     name: "[linux-kernel] 20150913 List corruption on epoll_ctl(EPOLL_CTL_DEL) an AF_UNIX socket",
                     refsource: "MLIST",
                     url: "https://lkml.org/lkml/2015/9/13/195",
                  },
                  {
                     name: "SUSE-SU-2016:0749",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00037.html",
                  },
                  {
                     name: "SUSE-SU-2016:1102",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html",
                  },
                  {
                     name: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
                     refsource: "CONFIRM",
                     url: "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.3",
                  },
                  {
                     name: "77638",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/77638",
                  },
                  {
                     name: "SUSE-SU-2016:2009",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
                  },
                  {
                     name: "SUSE-SU-2016:2005",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
                  },
                  {
                     name: "[linux-kernel] 20140515 eventpoll __list_del_entry corruption (was: perf: use after free in perf_remove_from_context)",
                     refsource: "MLIST",
                     url: "https://lkml.org/lkml/2014/5/15/532",
                  },
                  {
                     name: "SUSE-SU-2016:2007",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
                  },
                  {
                     name: "SUSE-SU-2016:2074",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html",
                  },
                  {
                     name: "USN-2890-2",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2890-2",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1282688",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1282688",
                  },
                  {
                     name: "SUSE-SU-2016:2000",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
                  },
                  {
                     name: "SUSE-SU-2016:0745",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html",
                  },
                  {
                     name: "DSA-3426",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2015/dsa-3426",
                  },
                  {
                     name: "SUSE-SU-2016:1995",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
                  },
                  {
                     name: "[oss-security] 20151118 Re: CVE request - Linux kernel - Unix sockets use after free - peer_wait_queue prematurely freed",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2015/11/18/16",
                  },
                  {
                     name: "SUSE-SU-2016:2002",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
                  },
                  {
                     name: "[linux-kernel] 20131014 Re: epoll oops.",
                     refsource: "MLIST",
                     url: "https://lkml.org/lkml/2013/10/14/424",
                  },
                  {
                     name: "SUSE-SU-2016:0756",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c",
                     refsource: "CONFIRM",
                     url: "https://github.com/torvalds/linux/commit/7d267278a9ece963d77eefec61630223fce08c6c",
                  },
                  {
                     name: "USN-2890-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2890-1",
                  },
                  {
                     name: "SUSE-SU-2016:0754",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00042.html",
                  },
                  {
                     name: "SUSE-SU-2016:0752",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html",
                  },
                  {
                     name: "USN-2888-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2888-1",
                  },
                  {
                     name: "SUSE-SU-2016:0911",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-7446",
      datePublished: "2015-12-28T11:00:00",
      dateReserved: "2015-11-18T00:00:00",
      dateUpdated: "2024-08-06T18:09:16.999Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-1583

Vulnerability from cvelistv5

Published

2016-06-27 10:00

Modified

2024-08-05 23:02

Severity ?

Summary

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

References

▼	URL	Tags
	http://www.ubuntu.com/usn/USN-3006-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3004-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	vendor-advisory, x_refsource_SUSE
	https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2016-2766.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3001-1	vendor-advisory, x_refsource_UBUNTU
	https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html	vendor-advisory, x_refsource_SUSE
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	vendor-advisory, x_refsource_SUSE
	https://www.exploit-db.com/exploits/39992/	exploit, x_refsource_EXPLOIT-DB
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3005-1	vendor-advisory, x_refsource_UBUNTU
	https://bugs.chromium.org/p/project-zero/issues/detail?id=836	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/91157	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2999-1	vendor-advisory, x_refsource_UBUNTU
	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/06/10/8	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2997-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-3000-1	vendor-advisory, x_refsource_UBUNTU
	https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b	x_refsource_MISC
	http://www.debian.org/security/2016/dsa-3607	vendor-advisory, x_refsource_DEBIAN
	http://www.securitytracker.com/id/1036763	vdb-entry, x_refsource_SECTRACK
	https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-3002-1	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/USN-2996-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html	vendor-advisory, x_refsource_SUSE
	https://access.redhat.com/errata/RHSA-2017:2760	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-3007-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2016-2124.html	vendor-advisory, x_refsource_REDHAT
	http://www.ubuntu.com/usn/USN-3003-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	vendor-advisory, x_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2016/06/22/1	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	vendor-advisory, x_refsource_SUSE
	https://bugzilla.redhat.com/show_bug.cgi?id=1344721	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2998-1	vendor-advisory, x_refsource_UBUNTU
	http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html	x_refsource_MISC
	http://www.ubuntu.com/usn/USN-3008-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:02:11.789Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-3006-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3006-1",
               },
               {
                  name: "USN-3004-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3004-1",
               },
               {
                  name: "SUSE-SU-2016:2010",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
               },
               {
                  name: "RHSA-2016:2766",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html",
               },
               {
                  name: "USN-3001-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3001-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
               },
               {
                  name: "SUSE-SU-2016:1696",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
               },
               {
                  name: "SUSE-SU-2016:1994",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
               },
               {
                  name: "39992",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/39992/",
               },
               {
                  name: "SUSE-SU-2016:1961",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
               },
               {
                  name: "USN-3005-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3005-1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836",
               },
               {
                  name: "SUSE-SU-2016:1985",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
               },
               {
                  name: "91157",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/91157",
               },
               {
                  name: "openSUSE-SU-2016:2184",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
               },
               {
                  name: "USN-2999-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2999-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87",
               },
               {
                  name: "SUSE-SU-2016:2006",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
               },
               {
                  name: "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/10/8",
               },
               {
                  name: "SUSE-SU-2016:2014",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
               },
               {
                  name: "openSUSE-SU-2016:1641",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
               },
               {
                  name: "USN-2997-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2997-1",
               },
               {
                  name: "USN-3000-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3000-1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b",
               },
               {
                  name: "DSA-3607",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2016/dsa-3607",
               },
               {
                  name: "1036763",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1036763",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87",
               },
               {
                  name: "USN-3002-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3002-1",
               },
               {
                  name: "USN-2996-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2996-1",
               },
               {
                  name: "SUSE-SU-2016:1672",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
               },
               {
                  name: "SUSE-SU-2016:2009",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
               },
               {
                  name: "SUSE-SU-2016:1596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html",
               },
               {
                  name: "RHSA-2017:2760",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2017:2760",
               },
               {
                  name: "SUSE-SU-2016:2005",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
               },
               {
                  name: "SUSE-SU-2016:2007",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
               },
               {
                  name: "USN-3007-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3007-1",
               },
               {
                  name: "SUSE-SU-2016:2000",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
               },
               {
                  name: "RHSA-2016:2124",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html",
               },
               {
                  name: "USN-3003-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3003-1",
               },
               {
                  name: "SUSE-SU-2016:1995",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
               },
               {
                  name: "SUSE-SU-2016:2105",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
               },
               {
                  name: "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/06/22/1",
               },
               {
                  name: "SUSE-SU-2016:2002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721",
               },
               {
                  name: "USN-2998-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2998-1",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html",
               },
               {
                  name: "USN-3008-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-3008-1",
               },
               {
                  name: "SUSE-SU-2016:1937",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-06-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-12-06T21:57:01",
            orgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            shortName: "canonical",
         },
         references: [
            {
               name: "USN-3006-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3006-1",
            },
            {
               name: "USN-3004-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3004-1",
            },
            {
               name: "SUSE-SU-2016:2010",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
            },
            {
               name: "RHSA-2016:2766",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html",
            },
            {
               name: "USN-3001-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3001-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
            },
            {
               name: "SUSE-SU-2016:1696",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
            },
            {
               name: "SUSE-SU-2016:1994",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
            },
            {
               name: "39992",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/39992/",
            },
            {
               name: "SUSE-SU-2016:1961",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
            },
            {
               name: "USN-3005-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3005-1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836",
            },
            {
               name: "SUSE-SU-2016:1985",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
            },
            {
               name: "91157",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/91157",
            },
            {
               name: "openSUSE-SU-2016:2184",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
            },
            {
               name: "USN-2999-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2999-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87",
            },
            {
               name: "SUSE-SU-2016:2006",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
            },
            {
               name: "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/10/8",
            },
            {
               name: "SUSE-SU-2016:2014",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
            },
            {
               name: "openSUSE-SU-2016:1641",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
            },
            {
               name: "USN-2997-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2997-1",
            },
            {
               name: "USN-3000-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3000-1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b",
            },
            {
               name: "DSA-3607",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2016/dsa-3607",
            },
            {
               name: "1036763",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1036763",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87",
            },
            {
               name: "USN-3002-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3002-1",
            },
            {
               name: "USN-2996-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2996-1",
            },
            {
               name: "SUSE-SU-2016:1672",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
            },
            {
               name: "SUSE-SU-2016:2009",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
            },
            {
               name: "SUSE-SU-2016:1596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html",
            },
            {
               name: "RHSA-2017:2760",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2017:2760",
            },
            {
               name: "SUSE-SU-2016:2005",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
            },
            {
               name: "SUSE-SU-2016:2007",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
            },
            {
               name: "USN-3007-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3007-1",
            },
            {
               name: "SUSE-SU-2016:2000",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
            },
            {
               name: "RHSA-2016:2124",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html",
            },
            {
               name: "USN-3003-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3003-1",
            },
            {
               name: "SUSE-SU-2016:1995",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
            },
            {
               name: "SUSE-SU-2016:2105",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
            },
            {
               name: "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/06/22/1",
            },
            {
               name: "SUSE-SU-2016:2002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721",
            },
            {
               name: "USN-2998-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2998-1",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html",
            },
            {
               name: "USN-3008-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-3008-1",
            },
            {
               name: "SUSE-SU-2016:1937",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@ubuntu.com",
               ID: "CVE-2016-1583",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-3006-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3006-1",
                  },
                  {
                     name: "USN-3004-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3004-1",
                  },
                  {
                     name: "SUSE-SU-2016:2010",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
                     refsource: "CONFIRM",
                     url: "https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
                  },
                  {
                     name: "RHSA-2016:2766",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2766.html",
                  },
                  {
                     name: "USN-3001-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3001-1",
                  },
                  {
                     name: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
                     refsource: "CONFIRM",
                     url: "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3",
                  },
                  {
                     name: "SUSE-SU-2016:1696",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html",
                  },
                  {
                     name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
                     refsource: "CONFIRM",
                     url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d",
                  },
                  {
                     name: "SUSE-SU-2016:1994",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html",
                  },
                  {
                     name: "39992",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/39992/",
                  },
                  {
                     name: "SUSE-SU-2016:1961",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html",
                  },
                  {
                     name: "USN-3005-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3005-1",
                  },
                  {
                     name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836",
                     refsource: "MISC",
                     url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=836",
                  },
                  {
                     name: "SUSE-SU-2016:1985",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html",
                  },
                  {
                     name: "91157",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/91157",
                  },
                  {
                     name: "openSUSE-SU-2016:2184",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html",
                  },
                  {
                     name: "USN-2999-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2999-1",
                  },
                  {
                     name: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87",
                     refsource: "CONFIRM",
                     url: "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87",
                  },
                  {
                     name: "SUSE-SU-2016:2006",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html",
                  },
                  {
                     name: "[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/06/10/8",
                  },
                  {
                     name: "SUSE-SU-2016:2014",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html",
                  },
                  {
                     name: "openSUSE-SU-2016:1641",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html",
                  },
                  {
                     name: "USN-2997-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2997-1",
                  },
                  {
                     name: "USN-3000-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3000-1",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b",
                     refsource: "MISC",
                     url: "https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b",
                  },
                  {
                     name: "DSA-3607",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2016/dsa-3607",
                  },
                  {
                     name: "1036763",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1036763",
                  },
                  {
                     name: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87",
                     refsource: "CONFIRM",
                     url: "https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87",
                  },
                  {
                     name: "USN-3002-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3002-1",
                  },
                  {
                     name: "USN-2996-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2996-1",
                  },
                  {
                     name: "SUSE-SU-2016:1672",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html",
                  },
                  {
                     name: "SUSE-SU-2016:2009",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html",
                  },
                  {
                     name: "SUSE-SU-2016:1596",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html",
                  },
                  {
                     name: "RHSA-2017:2760",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2017:2760",
                  },
                  {
                     name: "SUSE-SU-2016:2005",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html",
                  },
                  {
                     name: "SUSE-SU-2016:2007",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html",
                  },
                  {
                     name: "USN-3007-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3007-1",
                  },
                  {
                     name: "SUSE-SU-2016:2000",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html",
                  },
                  {
                     name: "RHSA-2016:2124",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2016-2124.html",
                  },
                  {
                     name: "USN-3003-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3003-1",
                  },
                  {
                     name: "SUSE-SU-2016:1995",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html",
                  },
                  {
                     name: "SUSE-SU-2016:2105",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html",
                  },
                  {
                     name: "[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/06/22/1",
                  },
                  {
                     name: "SUSE-SU-2016:2002",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html",
                  },
                  {
                     name: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721",
                     refsource: "CONFIRM",
                     url: "https://bugzilla.redhat.com/show_bug.cgi?id=1344721",
                  },
                  {
                     name: "USN-2998-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2998-1",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html",
                  },
                  {
                     name: "USN-3008-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-3008-1",
                  },
                  {
                     name: "SUSE-SU-2016:1937",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "cc1ad9ee-3454-478d-9317-d3e869d708bc",
      assignerShortName: "canonical",
      cveId: "CVE-2016-1583",
      datePublished: "2016-06-27T10:00:00",
      dateReserved: "2016-01-12T00:00:00",
      dateUpdated: "2024-08-05T23:02:11.789Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature