PT-2016-6028 · Linux+2 · Linux Kernel+2
Andrej Nemec
·
Published
2016-05-10
·
Updated
2023-01-18
·
CVE-2016-4568
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.5.3
Description
The issue allows local users to cause a denial of service, specifically a kernel memory write operation, or possibly have other unspecified impacts. This is achieved via a crafted number of planes in a
VIDIOC DQBUF ioctl call, targeting the videobuf2-v4l2.c file in the Linux kernel.Recommendations
For Linux kernel versions prior to 4.5.3, update to version 4.5.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the
VIDIOC DQBUF ioctl call to minimize the risk of exploitation.Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Ubuntu