PT-2016-7192 · Gnu+6 · Gnu Compiler Collection+6

Adam Mariš

·

Published

2016-10-16

·

Updated

2024-06-15

·

CVE-2016-7042

CVSS v3.1

6.2

Medium

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.8.3
Description The issue allows local users to cause a denial of service, resulting in stack memory corruption and panic, by reading the /proc/keys file. This occurs due to the proc keys show function using an incorrect buffer size for certain timeout data when the GNU Compiler Collection (gcc) stack protector is enabled.
Recommendations For Linux kernel versions prior to 4.8.3, update to version 4.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /proc/keys file to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2016-2218
ALT-PU-2017-1330
CESA-2017_0817
CESA-2017_1842
CVE-2016-7042
DLA-670-1
DSA-3696-1
MGASA-2016-0401
MGASA-2016-0411
MGASA-2016-0412
OPENSUSE-SU-2016_3021-1
OPENSUSE-SU-2016_3050-1
OPENSUSE-SU-2016_3058-1
OPENSUSE-SU-2016_3061-1
OPENSUSE-SU-2024:10128-1
RHSA-2017:0817
RHSA-2017:1842
RHSA-2017:2077
RHSA-2017:2669
RHSA-2017_0817
RHSA-2017_1842
RHSA-2017_2077
SUSE-SU-2016:2912-1
SUSE-SU-2016:2976-1
SUSE-SU-2016:3304-1
SUSE-SU-2017:0181-1
SUSE-SU-2017:0333-1
SUSE-SU-2017:0471-1
SUSE-SU-2017:0494-1
SUSE-SU-2017:1102-1
USN-3126-1
USN-3126-2
USN-3127-1
USN-3127-2
USN-3128-1
USN-3128-2
USN-3128-3
USN-3129-1
USN-3129-2
USN-3161-3

Affected Products

Alt Linux
Centos
Gnu Compiler Collection
Linux Kernel
Red Hat
Suse
Ubuntu