PT-2016-6025 · Linux+5 · Linux Kernel+5

Jann Horn

·

Publicado

2016-05-10

·

Atualizado

2023-01-18

·

CVE-2016-4565

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.5.3
Description The InfiniBand stack in the Linux kernel incorrectly relies on the write system call, allowing local users to cause a denial of service or possibly have unspecified other impact via a uAPI interface.
Recommendations For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the uAPI interface until a patch is available.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2016-1470
ALT-PU-2016-1485
CESA-2016_1277
CESA-2016_1406
CVE-2016-4565
DLA-516-1
DSA-3607-1
OPENSUSE-SU-2016_1641-1
OPENSUSE-SU-2016_2144-1
OPENSUSE-SU-2016_2184-1
RHSA-2016:1277
RHSA-2016:1301
RHSA-2016:1341
RHSA-2016:1406
RHSA-2016:1489
RHSA-2016:1581
RHSA-2016:1617
RHSA-2016:1640
RHSA-2016:1657
RHSA-2016:1814
RHSA-2016_1277
RHSA-2016_1301
RHSA-2016_1406
SUSE-SU-2016:1672-1
SUSE-SU-2016:1690-1
SUSE-SU-2016:1937-1
SUSE-SU-2016:1961-1
SUSE-SU-2016:1985-1
SUSE-SU-2016:1994-1
SUSE-SU-2016:1995-1
SUSE-SU-2016:2000-1
SUSE-SU-2016:2001-1
SUSE-SU-2016:2002-1
SUSE-SU-2016:2003-1
SUSE-SU-2016:2005-1
SUSE-SU-2016:2006-1
SUSE-SU-2016:2007-1
SUSE-SU-2016:2009-1
SUSE-SU-2016:2010-1
SUSE-SU-2016:2011-1
SUSE-SU-2016:2014-1
SUSE-SU-2016:2105-1
SUSE-SU-2016:2245-1
SUSE-SU-2017:0333-1
USN-3001-1
USN-3002-1
USN-3003-1
USN-3004-1
USN-3005-1
USN-3006-1
USN-3007-1
USN-3018-1
USN-3018-2
USN-3019-1
USN-3021-1
USN-3021-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu