7.8

CVE-2016-10153

The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version4.9
LinuxLinux Kernel Version4.9.1
LinuxLinux Kernel Version4.9.2
LinuxLinux Kernel Version4.9.3
LinuxLinux Kernel Version4.9.4
LinuxLinux Kernel Version4.9.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.342
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a45f795c65b479b4ba107b6ccde29b896d51ee98
Patch
Third Party Advisory
Issue Tracking
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6
Vendor Advisory
Release Notes
http://www.openwall.com/lists/oss-security/2017/01/21/3
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/95713
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1416101
Patch
Issue Tracking
https://github.com/torvalds/linux/commit/a45f795c65b479b4ba107b6ccde29b896d51ee98
Patch
Third Party Advisory
Issue Tracking