PT-2016-6776 · Linux+2 · Linux Kernel+2
Pengfei Wang
·
Publicado
2016-08-06
·
Atualizado
2017-03-22
·
CVE-2016-6156
CVSS v3.1
5.1
Média
| Vetor | AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.7
Description
The issue is related to a race condition in the
ec device ioctl xcmd function, which can be exploited by local users to cause a denial of service through an out-of-bounds array access. This is achieved by changing a certain size value, and it is also known as a "double fetch" vulnerability.Recommendations
For Linux kernel versions prior to 4.7, update to version 4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the
ec device ioctl xcmd function to minimize the risk of exploitation.Correção
DoS
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Linux Kernel
Ubuntu