PT-2016-6152 · Linux+2 · Linux Kernel+2

Baozeng Ding

Published

2016-04-21

Updated

2023-01-17

CVE-2016-4805

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.5.2

Description A use-after-free issue exists, allowing local users to cause a denial of service, potentially resulting in memory corruption, system crash, or spinlock. This issue is related to the removal of a network namespace and involves the (ppp register net channel) and (ppp unregister channel) functions.

Recommendations For versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting the removal of network namespaces to minimize the risk of exploitation.

Exploit

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2016-1352

ALT-PU-2016-1485

CVE-2016-4805

DSA-3607-1

OPENSUSE-SU-2016_1641-1

OPENSUSE-SU-2016_2144-1

OPENSUSE-SU-2016_2184-1

OPENSUSE-SU-2016_2290-1

SUSE-SU-2016:1672-1

SUSE-SU-2016:1690-1

SUSE-SU-2016:1937-1

SUSE-SU-2016:1985-1

SUSE-SU-2016:2105-1

SUSE-SU-2016:2245-1

SUSE-SU-2017:0333-1

USN-3021-1

USN-3021-2

Affected Products

Alt Linux

Linux Kernel

Suse

PT-2016-6152 · Linux+2 · Linux Kernel+2

CVE-2016-4805

Weakness Enumeration

Related Identifiers

Affected Products

References · 413