Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-0821

Опубликовано: 10 сент. 2015
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.

Отчет

This issue affects versions of the kernel shipped with Red Hat Enterprise Linux 5, 6, 7 and MRG-2 realtime kernels. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/ .

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1317571kernel: Too big poison pointer space

EPSS

Процентиль: 1%
0.0001
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-0821

CVSS3: 5.5
ubuntu
почти 10 лет назад

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.

nvd логотип

CVE-2016-0821

CVSS3: 5.5
nvd
почти 10 лет назад

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.

debian логотип

CVE-2016-0821

CVSS3: 5.5
debian
почти 10 лет назад

The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...

github логотип

GHSA-9548-jjm6-2wmw

CVSS3: 5.5
github
больше 3 лет назад

The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.

fstec логотип

BDU:2016-00898

fstec
почти 10 лет назад

Уязвимость операционной системы Android, позволяющая нарушителю обойти механизм защиты

EPSS

Процентиль: 1%
0.0001
Низкий

4.3 Medium

CVSS2