CVE-2016-2847

EPSS 0.07%
Veröffentlicht 27.04.2016 17:59:21
Zuletzt bearbeitet 06.05.2026 22:30:45
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 31

NVD 17 VulnDex Vulnerability Enrichment 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 4.4.8

Novell ≫ Suse Linux Enterprise Software Development Kit Version11.0 Updatesp4

Novell ≫ Suse Linux Enterprise Software Development Kit Version12.0

Novell ≫ Suse Linux Enterprise Software Development Kit Version12.0 Updatesp1

Novell ≫ Suse Linux Enterprise Debuginfo Version11.0 Updatesp4

Novell ≫ Suse Linux Enterprise Desktop Version12.0

Novell ≫ Suse Linux Enterprise Desktop Version12.0 Updatesp1

Novell ≫ Suse Linux Enterprise Live Patching Version12.0

Novell ≫ Suse Linux Enterprise Module For Public Cloud Version12.0

Novell ≫ Suse Linux Enterprise Real Time Extension Version11.0 Updatesp4

Novell ≫ Suse Linux Enterprise Real Time Extension Version12.0 Updatesp1

Novell ≫ Suse Linux Enterprise Server Version11.0 Updateextra

Novell ≫ Suse Linux Enterprise Server Version11.0 Updatesp4

Novell ≫ Suse Linux Enterprise Server Version12.0

Novell ≫ Suse Linux Enterprise Server Version12.0 Updatesp1

Novell ≫ Suse Linux Enterprise Workstation Extension Version12.0

Novell ≫ Suse Linux Enterprise Workstation Extension Version12.0 Updatesp1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.221

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	2.5	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.ubuntu.com/usn/USN-2967-1

http://www.ubuntu.com/usn/USN-2967-2

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

Third Party Advisory

http://www.ubuntu.com/usn/USN-2947-1

http://www.ubuntu.com/usn/USN-2947-2

http://www.ubuntu.com/usn/USN-2947-3

http://www.ubuntu.com/usn/USN-2948-1

http://www.ubuntu.com/usn/USN-2948-2

http://rhn.redhat.com/errata/RHSA-2016-2574.html

http://rhn.redhat.com/errata/RHSA-2016-2584.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.debian.org/security/2016/dsa-3503

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

Third Party Advisory

http://www.ubuntu.com/usn/USN-2946-1

http://www.ubuntu.com/usn/USN-2946-2

http://www.ubuntu.com/usn/USN-2949-1

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52

Patch

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2017-0217.html

http://www.openwall.com/lists/oss-security/2016/03/01/3

Patch

http://www.securityfocus.com/bid/83870

https://bugzilla.redhat.com/show_bug.cgi?id=1313428

Issue Tracking

https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52

https://nvd.nist.gov/vuln/detail/CVE-2016-2847

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2847

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2847

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2016-2847