CVE-2016-7912

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 16-11-2016 06:59

Last modified: - 19-01-2023 05:07

Total changes: - 4

Description

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

7.8

Base score

1.8

5.9

Exploitability score

Impact score

Verification logic

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
https://github.com/torvalds/linux/commit/38740a5b87d53ceb89eb2c970150f6e94e00373a
http://source.android.com/security/bulletin/2016-11-01.html
94197-Third Party Advisory, VDB Entry

Keywords

CVE-2016-7912

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2016-7912

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures