Lucene search

K
nvd[email protected]NVD:CVE-2016-6198
HistoryAug 06, 2016 - 8:59 p.m.

CVE-2016-6198

2016-08-0620:59:13
CWE-284
web.nvd.nist.gov
10
linux kernel
denial of service
rename system call

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0

Percentile

10.1%

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

Affected configurations

Nvd
Node
linuxlinux_kernelRange4.5.4
Node
oraclelinuxMatch6
Node
oraclevm_serverMatch3.4
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
oraclelinux6cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
oraclevm_server3.4cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:*:*

References

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.7

Confidence

High

EPSS

0

Percentile

10.1%