7.8

CVE-2016-1583

Exploit
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.19 < 3.18.54
LinuxLinux Kernel Version >= 3.19 < 4.4.14
LinuxLinux Kernel Version >= 4.5 < 4.6.3
NovellSuse Linux Enterprise Debuginfo Version11.0 Updatesp4
NovellSuse Linux Enterprise Desktop Version12.0 Updatesp1
NovellSuse Linux Enterprise Server Version11.0 Updateextra
NovellSuse Linux Enterprise Server Version11.0 Updatesp4
NovellSuse Linux Enterprise Server Version12.0 Updatesp1
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionesm
DebianDebian Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.39% 0.688
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1036763
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2998-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3000-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3001-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3002-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3003-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3004-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3607
Third Party Advisory
http://www.ubuntu.com/usn/USN-2996-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2997-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3005-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3006-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3007-1
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2766.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html
Third Party Advisory
http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html
Third Party Advisory
VDB Entry
http://rhn.redhat.com/errata/RHSA-2016-2124.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/06/10/8
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/06/22/1
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/91157
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2999-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3008-1
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2760
Third Party Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=836
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1344721
VDB Entry
Issue Tracking
https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87
Vendor Advisory
https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b
Third Party Advisory
https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
Vendor Advisory
https://www.exploit-db.com/exploits/39992/
Third Party Advisory
Exploit
VDB Entry
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
Vendor Advisory
Release Notes