Lucene search

[email protected]CVE-2016-0774

HistoryApr 27, 2016 - 5:59 p.m.

CVE-2016-0774

2016-04-2717:59:00

CWE-20

[email protected]

web.nvd.nist.gov

115

cve-2016-0774

linux

kernel

local exploit

denial of service

privilege escalation

nvd

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.7 Medium

AI Score

Confidence

High

5.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:N/A:C

0.001 Low

EPSS

Percentile

38.0%

JSON

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an “I/O vector array overrun.” NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq-
google:androidgoogle androidle6.0.1

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	-
google:android	google android	le	6.0.1

References

lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.html

rhn.redhat.com/errata/RHSA-2016-0494.html

rhn.redhat.com/errata/RHSA-2016-0617.html

source.android.com/security/bulletin/2016-05-01.html

www.debian.org/security/2016/dsa-3503

www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

www.securityfocus.com/bid/84126

www.ubuntu.com/usn/USN-2967-1

www.ubuntu.com/usn/USN-2967-2

www.ubuntu.com/usn/USN-2968-1

www.ubuntu.com/usn/USN-2968-2

bugzilla.redhat.com/show_bug.cgi?id=1303961

security-tracker.debian.org/tracker/CVE-2016-0774

6.8 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

6.7 Medium

AI Score

Confidence

High

5.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:N/A:C

0.001 Low

EPSS

Percentile

38.0%

JSON

CVE-2016-0774

References

Related