CVE-2016-4581

Опубликовано: 05 мая 2016

Источник: redhat

CVSS2: 4.7

EPSS Низкий

Описание

fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as there is no user namespace support in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2016:2584	03.11.2016
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2016:2574	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1333712kernel: Slave being first propagated copy causes oops in propagate_mnt

EPSS

Процентиль: 20%

0.00061

Низкий

4.7 Medium

CVSS2

Связанные уязвимости

CVE-2016-4581

CVSS3: 5.5

ubuntu

около 9 лет назад

CVE-2016-4581

CVSS3: 5.5

nvd

около 9 лет назад

CVE-2016-4581

CVSS3: 5.5

debian

около 9 лет назад

fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse ...

GHSA-m632-mj54-c945

CVSS3: 5.5

github

около 3 лет назад

ELSA-2016-3596

oracle-oval

почти 9 лет назад

ELSA-2016-3596: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 20%

0.00061

Низкий

4.7 Medium

CVSS2