CVE-2016-10741

Опубликовано: 08 нояб. 2016

Источник: redhat

CVSS3: 4.7

Описание

In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.

It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-alt	Not affected
Red Hat Enterprise Linux 8	kernel	Not affected
Red Hat Enterprise Linux 8	kernel-rt	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2017:2077	01.08.2017
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2017:1842	01.08.2017
Red Hat Enterprise MRG 2	kernel-rt	Fixed	RHSA-2017:2669	06.09.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-369

https://bugzilla.redhat.com/show_bug.cgi?id=1671869kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2016-10741

CVSS3: 4.7

ubuntu

около 7 лет назад

CVE-2016-10741

CVSS3: 4.7

nvd

около 7 лет назад

CVE-2016-10741

CVSS3: 4.7

debian

около 7 лет назад

In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users ...

GHSA-vwf4-9qqv-87g9

CVSS3: 4.7

github

больше 3 лет назад

SUSE-SU-2019:13979-1

suse-cvrf

почти 7 лет назад

Security update for the Linux Kernel

4.7 Medium

CVSS3