PT-2016-1597 · Linux+2 · Linux Kernel+2

Zach Riggle

·

Published

2015-11-18

·

Updated

2022-01-31

·

CVE-2016-0821

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.3
Description The issue is related to errors in handling the mmap min addr variable in the LIST POISON function of the Linux kernel. This can allow a remote attacker to bypass a protection mechanism by triggering the use of an uninitialized list entry.
Recommendations For Linux kernel versions prior to 4.3, update to version 4.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the mmap min addr variable to minimize the risk of exploitation.

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-254CWE-908

Related Identifiers

ALT-PU-2015-2010
ALT-PU-2016-1485
BDU:2016-00898
CVE-2016-0821
DLA-516-1
DSA-3607-1
USN-2967-1
USN-2967-2
USN-2968-1
USN-2968-2
USN-2969-1
USN-2970-1
USN-2971-1
USN-2971-2
USN-2971-3

Affected Products

Alt Linux
Linux Kernel
Ubuntu