PT-2016-4408 · Red Hat+4 · Red Hat+4

Petr Matousek

Publicado

2015-11-19

Atualizado

2016-12-03

CVE-2016-0774

CVSS v3.1

6.8

Média

Vetor

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions linux package versions prior to 3.2.73-2+deb7u3 linux package versions prior to 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1

Description The issue is related to the pipe read and pipe write implementations in fs/pipe.c in certain Linux kernel backports. It allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application. This is due to the improper consideration of side effects from failed copy to user inatomic and copy from user inatomic calls, leading to an "I/O vector array overrun."

Recommendations For linux package versions prior to 3.2.73-2+deb7u3, update to version 3.2.73-2+deb7u3 or later to resolve the issue. For linux package versions prior to 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1, update to version 3.10.0-229.26.2 or later to resolve the issue.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2015_2152

CESA-2016_0494

CVE-2016-0774

DLA-439-1

DSA-3503-1

RHSA-2015:2152

RHSA-2015_2152

RHSA-2016:0103

RHSA-2016:0494

RHSA-2016:0617

RHSA-2016_0494

SUSE-SU-2016:0785-1

SUSE-SU-2016:1031-1

SUSE-SU-2016:1032-1

SUSE-SU-2016:1033-1

SUSE-SU-2016:1034-1

SUSE-SU-2016:1035-1

SUSE-SU-2016:1037-1

SUSE-SU-2016:1038-1

SUSE-SU-2016:1039-1

SUSE-SU-2016:1040-1

SUSE-SU-2016:1041-1

SUSE-SU-2016:1045-1

SUSE-SU-2016:1046-1

USN-2967-1

USN-2967-2

USN-2968-1

USN-2968-2

Produtos afetados

Centos

Linux

Red Hat

Suse

Ubuntu

PT-2016-4408 · Red Hat+4 · Red Hat+4

CVE-2016-0774

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 168