7.8

CVE-2016-1583

Exploit

EPSS 0.25%
Veröffentlicht 27.06.2016 10:59:03
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle security@ubuntu.com
Teams Watchlist Login
Unerledigt Login

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 53

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 2.6.19 < 3.18.54

Linux ≫ Linux Kernel Version >= 3.19 < 4.4.14

Linux ≫ Linux Kernel Version >= 4.5 < 4.6.3

Novell ≫ Suse Linux Enterprise Software Development Kit Version11.0 Updatesp4

Novell ≫ Suse Linux Enterprise Software Development Kit Version12.0

Novell ≫ Suse Linux Enterprise Software Development Kit Version12.0 Updatesp1

Novell ≫ Suse Linux Enterprise Debuginfo Version11.0 Updatesp4

Novell ≫ Suse Linux Enterprise Desktop Version12.0

Novell ≫ Suse Linux Enterprise Desktop Version12.0 Updatesp1

Novell ≫ Suse Linux Enterprise Live Patching Version12.0

Novell ≫ Suse Linux Enterprise Module For Public Cloud Version12

Novell ≫ Suse Linux Enterprise Server Version11.0 Updateextra

Novell ≫ Suse Linux Enterprise Server Version11.0 Updatesp4

Novell ≫ Suse Linux Enterprise Server Version12.0

Novell ≫ Suse Linux Enterprise Server Version12.0 Updatesp1

Novell ≫ Suse Linux Enterprise Workstation Extension Version12.0

Novell ≫ Suse Linux Enterprise Workstation Extension Version12.0 Updatesp1

Canonical ≫ Ubuntu Linux Version12.04 SwEdition-

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version15.10

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.483

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1036763

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2998-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3000-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3001-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3002-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3003-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3004-1

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Third Party Advisory

http://www.debian.org/security/2016/dsa-3607

Third Party Advisory

http://www.ubuntu.com/usn/USN-2996-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-2997-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3005-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3006-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3007-1

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-2766.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html

Third Party Advisory

http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html

Third Party Advisory

VDB Entry

http://rhn.redhat.com/errata/RHSA-2016-2124.html

Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/06/10/8

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2016/06/22/1

Third Party Advisory

Mailing List

http://www.securityfocus.com/bid/91157

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-2999-1

Third Party Advisory

http://www.ubuntu.com/usn/USN-3008-1

Third Party Advisory

https://access.redhat.com/errata/RHSA-2017:2760

Third Party Advisory

https://bugs.chromium.org/p/project-zero/issues/detail?id=836

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1344721

VDB Entry

Issue Tracking

https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87

Vendor Advisory

https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b

Third Party Advisory

https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d

Vendor Advisory

https://www.exploit-db.com/exploits/39992/

Third Party Advisory

Exploit

VDB Entry

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2016-1583

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1583

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1583

EUVD