PT-2016-6152 · Linux+2 · Linux Kernel+2

Baozeng Ding

Publicado

2016-04-21

Atualizado

2023-01-17

CVE-2016-4805

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.5.2

Description A use-after-free issue exists, allowing local users to cause a denial of service, potentially resulting in memory corruption, system crash, or spinlock. This issue is related to the removal of a network namespace and involves the (ppp register net channel) and (ppp unregister channel) functions.

Recommendations For versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting the removal of network namespaces to minimize the risk of exploitation.

Exploit

Correção

DoS

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2016-1352

ALT-PU-2016-1485

CVE-2016-4805

DSA-3607-1

OPENSUSE-SU-2016_1641-1

OPENSUSE-SU-2016_2144-1

OPENSUSE-SU-2016_2184-1

OPENSUSE-SU-2016_2290-1

SUSE-SU-2016:1672-1

SUSE-SU-2016:1690-1

SUSE-SU-2016:1937-1

SUSE-SU-2016:1985-1

SUSE-SU-2016:2105-1

SUSE-SU-2016:2245-1

SUSE-SU-2017:0333-1

USN-3021-1

USN-3021-2

Produtos afetados

Alt Linux

Linux Kernel

Suse

PT-2016-6152 · Linux+2 · Linux Kernel+2

CVE-2016-4805

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 413