Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6156

Опубликовано: 04 июл. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 3.3
EPSS Низкий

Описание

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

A timing flaw was found in the Chrome EC driver in the Linux kernel. An attacker could abuse timing to skip validation checks to copy additional data from userspace possibly increasing privilege or crashing the system.

Отчет

This issue does not affect Red Hat Enterprise Linux products as they have not included this feature in any shipping products.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux Extended Update Support 7.2kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1353490kernel: Race condition vulnerability in Chrome driver

EPSS

Процентиль: 13%
0.00043
Низкий

5.3 Medium

CVSS3

3.3 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-6156

CVSS3: 5.1
ubuntu
больше 9 лет назад

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

nvd логотип

CVE-2016-6156

CVSS3: 5.1
nvd
больше 9 лет назад

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

debian логотип

CVE-2016-6156

CVSS3: 5.1
debian
больше 9 лет назад

Race condition in the ec_device_ioctl_xcmd function in drivers/platfor ...

github логотип

GHSA-v2x3-97gq-36gp

CVSS3: 5.1
github
больше 3 лет назад

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel before 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

EPSS

Процентиль: 13%
0.00043
Низкий

5.3 Medium

CVSS3

3.3 Low

CVSS2