Lucene search

[email protected]CVE-2016-0723

HistoryFeb 08, 2016 - 3:59 a.m.

CVE-2016-0723

2016-02-0803:59:00

NVD-CWE-Other

CWE-200

CWE-362

[email protected]

web.nvd.nist.gov

103

cve-2016-0723

linux kernel

race condition

tty_ioctl

denial of service

nvd

security vulnerability

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.6 Medium

AI Score

Confidence

High

5.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:N/A:C

0.002 Low

EPSS

Percentile

51.8%

JSON

Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle4.4.1

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	4.4.1

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439

lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html

lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html

lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html

lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

source.android.com/security/bulletin/2016-07-01.html

www.debian.org/security/2016/dsa-3448

www.debian.org/security/2016/dsa-3503

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/82950

www.securitytracker.com/id/1035695

www.ubuntu.com/usn/USN-2929-1

www.ubuntu.com/usn/USN-2929-2

www.ubuntu.com/usn/USN-2930-1

www.ubuntu.com/usn/USN-2930-2

www.ubuntu.com/usn/USN-2930-3

www.ubuntu.com/usn/USN-2932-1

www.ubuntu.com/usn/USN-2948-1

www.ubuntu.com/usn/USN-2948-2

www.ubuntu.com/usn/USN-2967-1

www.ubuntu.com/usn/USN-2967-2

bugzilla.redhat.com/show_bug.cgi?id=1296253

github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439

security-tracker.debian.org/tracker/CVE-2016-0723

support.f5.com/csp/article/K43650115

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.6 Medium

AI Score

Confidence

High

5.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:N/A:C

0.002 Low

EPSS

Percentile

51.8%

JSON

Related for CVE-2016-0723

prion1 debiancve1 ubuntucve1 fortinet1 f51 suse10 openvas28 nessus27 fedora2 amazon1 debian5 osv3 ubuntu10 cloudfoundry1 oraclelinux1 lenovo1 androidsecurity1