CVE-2016-10208

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-02-2017 07:59

Last modified: - 26-10-2022 01:44

Total changes: - 3

Description

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

Common Vulnerability Scoring System (CVSS)

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Physical

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

4.3

Base score

0.7

3.6

Exploitability score

Impact score

Verification logic

Reference

https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe
https://bugzilla.redhat.com/show_bug.cgi?id=1395190
[oss-security] 20170204 Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read-Mailing List, Patch, Third Party Advisory
20161115 OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read-Mailing List, Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe
94354-
RHSA-2017:1308-
RHSA-2017:1298-
RHSA-2017:1297-
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update-
USN-3754-1-

Keywords

CVE-2016-10208

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2016-10208

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures