PT-2016-6698 · Linux+5 · Linux Kernel+5

Cyril Bur

·

Published

2016-03-17

·

Updated

2023-01-17

·

CVE-2016-5828

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.6.3 on powerpc platforms
Description The issue is related to the mishandling of transactional state by the start thread function in the Linux kernel, which can be exploited by local users to cause a denial of service, resulting in an invalid process state or a TM Bad Thing exception, and potentially leading to a system crash. The exploitation involves starting and suspending a transaction before an exec system call.
Recommendations For Linux kernel versions prior to 4.6.3 on powerpc platforms: update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2016-1262
ALT-PU-2016-1795
ALT-PU-2016-1796
CESA-2016_2574
CVE-2016-5828
DSA-3616-1
OPENSUSE-SU-2016_2184-1
RHSA-2016:2574
RHSA-2016_2574
SUSE-SU-2016:1937-1
SUSE-SU-2016:2105-1
SUSE-SU-2017:0471-1
USN-3070-1
USN-3070-2
USN-3070-3
USN-3070-4
USN-3071-1
USN-3071-2

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu