CVE-2016-1583

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Published: 2016-06-27 10:59
Updated: 2018-12-06 22:29

CVSS Score: 7.2 / 10
| Vendor | Product | Version | URI |
| --- | --- | --- | --- |
| Canonical | Ubuntu Linux | 12.04 | cpe:/o:canonical:ubuntu_linux:12.04::~~lts~~~ |
| Novell | Suse Linux Enterprise Server | 12.0 | cpe:/o:novell:suse_linux_enterprise_server:12.0 |
| Novell | Suse Linux Enterprise Debuginfo | 11.0 | cpe:/o:novell:suse_linux_enterprise_debuginfo:11.0:sp4 |
| Novell | Suse Linux Enterprise Server | 12.0 | cpe:/o:novell:suse_linux_enterprise_server:12.0:sp1 |
| Canonical | Ubuntu Linux | 16.04 | cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~ |
| Novell | Suse Linux Enterprise Server | 11.0 | cpe:/o:novell:suse_linux_enterprise_server:11.0:extra |
| Canonical | Ubuntu Linux | 14.04 | cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~ |
| Novell | Suse Linux Enterprise Live Patching | 12.0 | cpe:/o:novell:suse_linux_enterprise_live_patching:12.0 |
| Novell | Suse Linux Enterprise Server | 11.0 | cpe:/o:novell:suse_linux_enterprise_server:11.0:sp4 |
| Novell | Suse Linux Enterprise Software Development Kit | 11.0 | cpe:/a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4 |
| Novell | Suse Linux Enterprise Workstation Extension | 12.0 | cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0 |
| Canonical | Ubuntu Linux | 15.10 | cpe:/o:canonical:ubuntu_linux:15.10 |
| Linux | Linux Kernel | 4.6.2 | cpe:/o:linux:linux_kernel:4.6.2 |
| Novell | Suse Linux Enterprise Workstation Extension | 12.0 | cpe:/o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1 |
| Novell | Suse Linux Enterprise Desktop | 12.0 | cpe:/o:novell:suse_linux_enterprise_desktop:12.0:sp1 |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 | cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0:sp1 |
| Novell | Suse Linux Enterprise Module For Public Cloud | 12 | cpe:/o:novell:suse_linux_enterprise_module_for_public_cloud:12 |
| Novell | Suse Linux Enterprise Desktop | 12.0 | cpe:/o:novell:suse_linux_enterprise_desktop:12.0 |
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 | cpe:/o:novell:suse_linux_enterprise_software_development_kit:12.0 |

CWE

| ID | Name | Description |
| --- | --- | --- |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. |

References

Source Link
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
MISC http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html
DEBIAN http://www.debian.org/security/2016/dsa-3607
MLIST http://www.openwall.com/lists/oss-security/2016/06/10/8
MLIST http://www.openwall.com/lists/oss-security/2016/06/22/1
BID http://www.securityfocus.com/bid/91157
UBUNTU http://www.ubuntu.com/usn/USN-2996-1
UBUNTU http://www.ubuntu.com/usn/USN-2997-1
UBUNTU http://www.ubuntu.com/usn/USN-2998-1
UBUNTU http://www.ubuntu.com/usn/USN-2999-1
UBUNTU http://www.ubuntu.com/usn/USN-3000-1
UBUNTU http://www.ubuntu.com/usn/USN-3001-1
UBUNTU http://www.ubuntu.com/usn/USN-3002-1
UBUNTU http://www.ubuntu.com/usn/USN-3003-1
UBUNTU http://www.ubuntu.com/usn/USN-3004-1
UBUNTU http://www.ubuntu.com/usn/USN-3005-1
UBUNTU http://www.ubuntu.com/usn/USN-3006-1
UBUNTU http://www.ubuntu.com/usn/USN-3007-1
UBUNTU http://www.ubuntu.com/usn/USN-3008-1
MISC https://bugs.chromium.org/p/project-zero/issues/detail?id=836
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1344721
CONFIRM https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87
CONFIRM https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
EXPLOIT-DB https://www.exploit-db.com/exploits/39992/
CONFIRM https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
SECTRACK http://www.securitytracker.com/id/1036763
REDHAT https://access.redhat.com/errata/RHSA-2017:2760
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2766.html
REDHAT http://rhn.redhat.com/errata/RHSA-2016-2124.html
MISC https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b