7.8

CVE-2016-4913

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
LinuxLinux Kernel Version < 3.2.81
LinuxLinux Kernel Version >= 3.3 < 3.10.102
LinuxLinux Kernel Version >= 3.11 < 3.12.60
LinuxLinux Kernel Version >= 3.13 < 3.14.70
LinuxLinux Kernel Version >= 3.15 < 3.16.36
LinuxLinux Kernel Version >= 3.17 < 3.18.34
LinuxLinux Kernel Version >= 3.19 < 4.1.25
LinuxLinux Kernel Version >= 4.2 < 4.4.11
LinuxLinux Kernel Version >= 4.5 < 4.5.5
OracleLinux Version6
NovellSuse Linux Enterprise Debuginfo Version11.0 Updatesp4
NovellSuse Linux Enterprise Server Version11.0 Updateextra
NovellSuse Linux Enterprise Server Version11.0 Updatesp4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.395
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
Third Party Advisory
Mailing List
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
Third Party Advisory
http://www.debian.org/security/2016/dsa-3607
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3083
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096
Third Party Advisory
http://www.ubuntu.com/usn/USN-3021-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3021-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-3
Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-4
Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-3
Third Party Advisory
http://www.ubuntu.com/usn/USN-3018-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3018-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-3019-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-3020-1
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
Vendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/05/18/3
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/05/18/5
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/90730
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1337528
Third Party Advisory
VDB Entry
Issue Tracking
https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6
Vendor Advisory