7.8
CVE-2016-1583
- EPSS 1.39%
- Veröffentlicht 27.06.2016 10:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.19 < 3.18.54
Linux ≫ Linux Kernel Version >= 3.19 < 4.4.14
Linux ≫ Linux Kernel Version >= 4.5 < 4.6.3
Novell ≫ Suse Linux Enterprise Software Development Kit Version11.0 Updatesp4
Novell ≫ Suse Linux Enterprise Software Development Kit Version12.0
Novell ≫ Suse Linux Enterprise Software Development Kit Version12.0 Updatesp1
Novell ≫ Suse Linux Enterprise Debuginfo Version11.0 Updatesp4
Novell ≫ Suse Linux Enterprise Desktop Version12.0
Novell ≫ Suse Linux Enterprise Desktop Version12.0 Updatesp1
Novell ≫ Suse Linux Enterprise Live Patching Version12.0
Novell ≫ Suse Linux Enterprise Module For Public Cloud Version12
Novell ≫ Suse Linux Enterprise Server Version11.0 Updateextra
Novell ≫ Suse Linux Enterprise Server Version11.0 Updatesp4
Novell ≫ Suse Linux Enterprise Server Version12.0
Novell ≫ Suse Linux Enterprise Server Version12.0 Updatesp1
Novell ≫ Suse Linux Enterprise Workstation Extension Version12.0
Novell ≫ Suse Linux Enterprise Workstation Extension Version12.0 Updatesp1
Canonical ≫ Ubuntu Linux Version12.04 SwEdition-
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Debian ≫ Debian Linux Version8.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.39% | 0.688 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://www.securitytracker.com/id/1036763
http://www.ubuntu.com/usn/USN-2998-1
http://www.ubuntu.com/usn/USN-3000-1
http://www.ubuntu.com/usn/USN-3001-1
http://www.ubuntu.com/usn/USN-3002-1
http://www.ubuntu.com/usn/USN-3003-1
http://www.ubuntu.com/usn/USN-3004-1
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
http://www.debian.org/security/2016/dsa-3607
http://www.ubuntu.com/usn/USN-2996-1
http://www.ubuntu.com/usn/USN-2997-1
http://www.ubuntu.com/usn/USN-3005-1
http://www.ubuntu.com/usn/USN-3006-1
http://www.ubuntu.com/usn/USN-3007-1
http://rhn.redhat.com/errata/RHSA-2016-2766.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html
http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html
http://rhn.redhat.com/errata/RHSA-2016-2124.html
http://www.openwall.com/lists/oss-security/2016/06/10/8
http://www.openwall.com/lists/oss-security/2016/06/22/1
http://www.securityfocus.com/bid/91157
http://www.ubuntu.com/usn/USN-2999-1
http://www.ubuntu.com/usn/USN-3008-1
https://access.redhat.com/errata/RHSA-2017:2760
https://bugs.chromium.org/p/project-zero/issues/detail?id=836
https://bugzilla.redhat.com/show_bug.cgi?id=1344721
https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87
https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b
https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
https://www.exploit-db.com/exploits/39992/
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3