7.8

CVE-2016-10044

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 3.16.43
LinuxLinux Kernel Version >= 3.17 < 4.4.24
LinuxLinux Kernel Version >= 4.5 < 4.7.7
GoogleAndroid Version <= 7.1.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.215
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securitytracker.com/id/1037798
Third Party Advisory
VDB Entry
http://source.android.com/security/bulletin/2017-02-01.html
Patch
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a
Patch
Third Party Advisory
Issue Tracking
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7
Vendor Advisory
Release Notes
http://www.securityfocus.com/bid/96122
Third Party Advisory
VDB Entry
https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a
Patch
Third Party Advisory
Issue Tracking