PT-2016-7192 · Gnu+6 · Gnu Compiler Collection+6

Adam Mariš

·

Publicado

2016-10-16

·

Atualizado

2024-06-15

·

CVE-2016-7042

CVSS v3.1

6.2

Média

VetorAV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.8.3
Description The issue allows local users to cause a denial of service, resulting in stack memory corruption and panic, by reading the /proc/keys file. This occurs due to the proc keys show function using an incorrect buffer size for certain timeout data when the GNU Compiler Collection (gcc) stack protector is enabled.
Recommendations For Linux kernel versions prior to 4.8.3, update to version 4.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /proc/keys file to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2016-2218
ALT-PU-2017-1330
CESA-2017_0817
CESA-2017_1842
CVE-2016-7042
DLA-670-1
DSA-3696-1
MGASA-2016-0401
MGASA-2016-0411
MGASA-2016-0412
OPENSUSE-SU-2016_3021-1
OPENSUSE-SU-2016_3050-1
OPENSUSE-SU-2016_3058-1
OPENSUSE-SU-2016_3061-1
OPENSUSE-SU-2024:10128-1
RHSA-2017:0817
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2669
RHSA-2017_0817
RHSA-2017_1842
RHSA-2017_2077
SUSE-SU-2016:2912-1
SUSE-SU-2016:2976-1
SUSE-SU-2016:3304-1
SUSE-SU-2017:0181-1
SUSE-SU-2017:0333-1
SUSE-SU-2017:0471-1
SUSE-SU-2017:0494-1
SUSE-SU-2017:1102-1
USN-3126-1
USN-3126-2
USN-3127-1
USN-3127-2
USN-3128-1
USN-3128-2
USN-3128-3
USN-3129-1
USN-3129-2
USN-3161-3

Produtos afetados

Alt Linux
Centos
Gnu Compiler Collection
Linux Kernel
Red Hat
Suse
Ubuntu