PT-2016-6025 · Linux+5 · Linux Kernel+5

Jann Horn

·

Published

2016-05-10

·

Updated

2023-01-18

·

CVE-2016-4565

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.5.3
Description The InfiniBand stack in the Linux kernel incorrectly relies on the write system call, allowing local users to cause a denial of service or possibly have unspecified other impact via a uAPI interface.
Recommendations For versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the uAPI interface until a patch is available.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2016-1470
ALT-PU-2016-1485
CESA-2016_1277
CESA-2016_1406
CVE-2016-4565
DLA-516-1
DSA-3607-1
OPENSUSE-SU-2016_1641-1
OPENSUSE-SU-2016_2144-1
OPENSUSE-SU-2016_2184-1
RHSA-2016:1277
RHSA-2016:1301
RHSA-2016:1341
RHSA-2016:1406
RHSA-2016:1489
RHSA-2016:1581
RHSA-2016:1617
RHSA-2016:1640
RHSA-2016:1657
RHSA-2016:1814
RHSA-2016_1277
RHSA-2016_1301
RHSA-2016_1406
SUSE-SU-2016:1672-1
SUSE-SU-2016:1690-1
SUSE-SU-2016:1937-1
SUSE-SU-2016:1961-1
SUSE-SU-2016:1985-1
SUSE-SU-2016:1994-1
SUSE-SU-2016:1995-1
SUSE-SU-2016:2000-1
SUSE-SU-2016:2001-1
SUSE-SU-2016:2002-1
SUSE-SU-2016:2003-1
SUSE-SU-2016:2005-1
SUSE-SU-2016:2006-1
SUSE-SU-2016:2007-1
SUSE-SU-2016:2009-1
SUSE-SU-2016:2010-1
SUSE-SU-2016:2011-1
SUSE-SU-2016:2014-1
SUSE-SU-2016:2105-1
SUSE-SU-2016:2245-1
SUSE-SU-2017:0333-1
USN-3001-1
USN-3002-1
USN-3003-1
USN-3004-1
USN-3005-1
USN-3006-1
USN-3007-1
USN-3018-1
USN-3018-2
USN-3019-1
USN-3021-1
USN-3021-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu