CVE-2016-2069

Опубликовано: 25 янв. 2016

Источник: redhat

CVSS3: 4.9

CVSS2: 3.7

EPSS Низкий

Описание

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table).

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise MRG 2	realtime-kernel	Affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2017:0817	21.03.2017
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2016:2584	03.11.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2016:2574	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-266

https://bugzilla.redhat.com/show_bug.cgi?id=1301893kernel: race condition in the TLB flush logic

EPSS

Процентиль: 20%

0.00063

Низкий

4.9 Medium

CVSS3

3.7 Low

CVSS2

Связанные уязвимости

CVE-2016-2069

CVSS3: 7.4

ubuntu

около 9 лет назад

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

CVE-2016-2069

CVSS3: 7.4

nvd

около 9 лет назад

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

CVE-2016-2069

CVSS3: 7.4

debian

около 9 лет назад

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 a ...

GHSA-c9rj-5983-h9qm

CVSS3: 7.4

github

около 3 лет назад

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

ELSA-2017-0817

oracle-oval

около 8 лет назад

ELSA-2017-0817: kernel security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 20%

0.00063

Низкий

4.9 Medium

CVSS3

3.7 Low

CVSS2