CVE-2016-9576

 

Published at: - 28-12-2016 08:59

Last modified: - 17-01-2023 10:05

Total changes: - 4

Description

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://github.com/torvalds/linux/commit/a0ac402cfcdc904f9772e1762b3fda112dcc56a0
• https://bugzilla.redhat.com/show_bug.cgi?id=1403145
• [oss-security] 20161209 Linux Kernel use-after-free in SCSI generic device interface-Mailing List, Patch, Third Party Advisory
• http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0
• 94821-Third Party Advisory, VDB Entry
• openSUSE-SU-2016:3086-Mailing List, Third Party Advisory
• openSUSE-SU-2016:3085-Mailing List, Third Party Advisory
• SUSE-SU-2016:3252-Mailing List, Third Party Advisory
• SUSE-SU-2016:3248-Mailing List, Third Party Advisory
• SUSE-SU-2016:3217-Mailing List, Third Party Advisory
• SUSE-SU-2016:3203-Mailing List, Third Party Advisory
• SUSE-SU-2016:3188-Mailing List, Third Party Advisory
• SUSE-SU-2016:3146-Mailing List, Third Party Advisory
• openSUSE-SU-2016:3118-Mailing List, Third Party Advisory
• RHSA-2017:2669-Third Party Advisory
• RHSA-2017:2077-Third Party Advisory
• RHSA-2017:1842-Third Party Advisory
• RHSA-2017:0817-Third Party Advisory

 

Keywords

NVD

 

CVE-2016-9576

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures