PT-2016-7428 · Linux+5 · Linux Kernel+5

Published: 2016-06-22 · Updated: 2024-06-15 · CVE-2016-7913

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.6

Description

The issue allows local users to gain privileges or cause a denial of service. This is due to a use-after-free error in the xc2028_set_config function, which can be triggered by omitting the firmware name from a certain data structure.

Recommendations

For Linux kernel versions prior to 4.6, update to version 4.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the xc2028_set_config function to minimize the risk of exploitation.

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1634
ALT-PU-2017-1330
CESA-2018_1062
CVE-2016-7913
MGASA-2017-0136
MGASA-2017-0147
MGASA-2017-0148
OPENSUSE-SU-2016_3050-1
OPENSUSE-SU-2016_3058-1
OPENSUSE-SU-2016_3061-1
OPENSUSE-SU-2024:10128-1
RHSA-2018:0676
RHSA-2018:1062
RHSA-2018_0676
RHSA-2018_1062
RHSA-2019:1170
RHSA-2019:1190
SUSE-SU-2017:0181-1
SUSE-SU-2017:0407-1
SUSE-SU-2017:0464-1
SUSE-SU-2017:0471-1
USN-3312-1
USN-3312-2
USN-3798-1
USN-3798-2

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu