CVE-2016-10208

Published: 15 Nov 2016
Source: redhat
CVSS3: 6.2
CVSS2: 4.7

Description

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads.

Report

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime kernels. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2017:1298 | 25.05.2017 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2017:1308 | 25.05.2017 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2017:1297 | 25.05.2017 |

Additional information

Status: Moderate
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1395190 kernel: EXT4 memory corruption / SLAB out-of-bounds read

CVSS3: 6.2 Medium
CVSS2: 4.7 Medium

Related vulnerabilities

CVSS3: 4.3
ubuntu
more than 8 years ago

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

CVSS3: 4.3
nvd
more than 8 years ago

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

CVSS3: 4.3
debian
more than 8 years ago

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...

CVSS3: 4.3
github
about 3 years ago

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

oracle-oval
about 8 years ago

ELSA-2017-1308: kernel security, bug fix, and enhancement update (IMPORTANT)
