PT-2016-6776 · Linux+2 · Linux Kernel+2
Pengfei Wang
·
Published
2016-08-06
·
Updated
2017-03-22
·
CVE-2016-6156
CVSS v3.1
5.1
Medium
| Vector | AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.7
Description
The issue is related to a race condition in the
ec device ioctl xcmd function, which can be exploited by local users to cause a denial of service through an out-of-bounds array access. This is achieved by changing a certain size value, and it is also known as a "double fetch" vulnerability.Recommendations
For Linux kernel versions prior to 4.7, update to version 4.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the
ec device ioctl xcmd function to minimize the risk of exploitation.Fix
DoS
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linux Kernel
Ubuntu