CVE-2016-4565

 

Published at: - 23-05-2016 12:59

Last modified: - 17-01-2023 10:40

Total changes: - 4

Description

The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
• http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
• [oss-security] 20160507 CVE Request: Linux: IB/security: Restrict use of the write() interface'-Mailing List, Third Party Advisory
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
• https://bugzilla.redhat.com/show_bug.cgi?id=1310570
• USN-3018-1-Third Party Advisory
• USN-3019-1-Third Party Advisory
• USN-3018-2-Third Party Advisory
• RHSA-2016:1341-Third Party Advisory
• RHSA-2016:1277-Third Party Advisory
• RHSA-2016:1301-Third Party Advisory
• USN-3002-1-Third Party Advisory
• USN-3001-1-Third Party Advisory
• USN-3004-1-Third Party Advisory
• USN-3003-1-Third Party Advisory
• USN-3021-1-Third Party Advisory
• USN-3005-1-Third Party Advisory
• USN-3021-2-Third Party Advisory
• USN-3007-1-Third Party Advisory
• SUSE-SU-2016:1672-Mailing List, Third Party Advisory
• SUSE-SU-2016:1690-Mailing List, Third Party Advisory
• USN-3006-1-Third Party Advisory
• SUSE-SU-2016:1937-Mailing List, Third Party Advisory
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
• SUSE-SU-2016:1995-Mailing List, Third Party Advisory
• SUSE-SU-2016:2000-Mailing List, Third Party Advisory
• 90301-Third Party Advisory, VDB Entry
• DSA-3607-Third Party Advisory
• SUSE-SU-2016:2014-Mailing List, Third Party Advisory
• SUSE-SU-2016:2010-Mailing List, Third Party Advisory
• openSUSE-SU-2016:1641-Mailing List, Third Party Advisory
• SUSE-SU-2016:2001-Mailing List, Third Party Advisory
• SUSE-SU-2016:1994-Mailing List, Third Party Advisory
• RHSA-2016:1617-Third Party Advisory
• SUSE-SU-2016:2011-Mailing List, Third Party Advisory
• RHSA-2016:1581-Third Party Advisory
• RHSA-2016:1657-Third Party Advisory
• SUSE-SU-2016:2002-Mailing List, Third Party Advisory
• SUSE-SU-2016:1961-Mailing List, Third Party Advisory
• SUSE-SU-2016:2006-Mailing List, Third Party Advisory
• RHSA-2016:1489-Third Party Advisory
• SUSE-SU-2016:2007-Mailing List, Third Party Advisory
• SUSE-SU-2016:1985-Mailing List, Third Party Advisory
• openSUSE-SU-2016:2184-Mailing List, Third Party Advisory
• RHSA-2016:1640-Third Party Advisory
• SUSE-SU-2016:2003-Mailing List, Third Party Advisory
• SUSE-SU-2016:2005-Mailing List, Third Party Advisory
• SUSE-SU-2016:2105-Mailing List, Third Party Advisory
• RHSA-2016:1814-Third Party Advisory
• SUSE-SU-2016:2009-Mailing List, Third Party Advisory
• RHSA-2016:1406-Third Party Advisory

 

Keywords

NVD

 

CVE-2016-4565

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures