CVE-2016-2143

Опубликовано: 01 июн. 2016

Источник: redhat

CVSS3: 7.8

CVSS2: 6.2

Описание

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.

It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Fixed	RHSA-2016:2766	15.11.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2016:1539	02.08.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-119

https://bugzilla.redhat.com/show_bug.cgi?id=1308908kernel: Fork of large process causes memory corruption

7.8 High

CVSS3

6.2 Medium

CVSS2

Связанные уязвимости

CVE-2016-2143

CVSS3: 7.8

ubuntu

около 9 лет назад

CVE-2016-2143

CVSS3: 7.8

nvd

около 9 лет назад

CVE-2016-2143

CVSS3: 7.8

debian

около 9 лет назад

The fork implementation in the Linux kernel before 4.5 on s390 platfor ...

GHSA-h8j9-2jj6-73jj

CVSS3: 7.8

github

около 3 лет назад

ELSA-2016-2766

oracle-oval

больше 8 лет назад

ELSA-2016-2766: kernel security and bug fix update (IMPORTANT)

7.8 High

CVSS3

6.2 Medium

CVSS2