PT-2016-5673 · Linux+3 · Linux Kernel+3

David Matlack

·

Publicado

2016-05-16

·

Atualizado

2024-06-15

·

CVE-2016-3713

CVSS v3.1

7.1

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.6.1
Description The issue allows guest OS users to read or write to the kvm arch vcpu data structure, potentially obtaining sensitive information or causing a denial of service (system crash). This can be achieved via a crafted ioctl call.
Recommendations For versions prior to 4.6.1, update to version 4.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the msr mtrr valid function in arch/x86/kvm/mtrr.c to minimize the risk of exploitation.

Correção

DoS

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

ALT-PU-2016-1634
ALT-PU-2017-1330
CVE-2016-3713
MGASA-2016-0225
MGASA-2016-0232
MGASA-2016-0233
OPENSUSE-SU-2024:10128-1
USN-2978-1
USN-2978-2
USN-2979-1
USN-2979-2

Produtos afetados

Alt Linux
Fortios
Linux Kernel
Ubuntu