CVE-2016-2547

Опубликовано: 19 янв. 2016

Источник: redhat

CVSS2: 5.4

EPSS Низкий

Описание

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2, as the flaw was already fixed in the products listed.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1311566kernel: sound: use-after-free in snd_timer_user_ioctl

EPSS

Процентиль: 21%

0.00067

Низкий

5.4 Medium

CVSS2

Связанные уязвимости

CVE-2016-2547

CVSS3: 5.1

ubuntu

больше 9 лет назад

CVE-2016-2547

CVSS3: 5.1

nvd

больше 9 лет назад

CVE-2016-2547

CVSS3: 5.1

debian

больше 9 лет назад

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking ...

GHSA-6r2j-xhpv-h8w5

CVSS3: 5.1

github

около 3 лет назад

ELSA-2018-4145

oracle-oval

около 7 лет назад

ELSA-2018-4145: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 21%

0.00067

Низкий

5.4 Medium

CVSS2