Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6198

Опубликовано: 11 июл. 2016
Источник: redhat
CVSS3: 5.5
CVSS2: 4.7
EPSS Низкий

Описание

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

A flaw was found that the vfs_rename() function did not detect hard links on overlayfs. A local, unprivileged user could use the rename syscall on overlayfs on top of xfs to crash the system.

Отчет

This issue is not present in the Linux kernel packages as shipped with Red Hat Enterprise Linux versions 5 and 6. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelAffected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2016:187515.09.2016
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2016:258403.11.2016
Red Hat Enterprise Linux 7kernelFixedRHSA-2016:184715.09.2016
Red Hat Enterprise Linux 7kernelFixedRHSA-2016:257403.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1355654kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs

EPSS

Процентиль: 10%
0.00037
Низкий

5.5 Medium

CVSS3

4.7 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-6198

CVSS3: 5.5
ubuntu
почти 9 лет назад

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

nvd логотип

CVE-2016-6198

CVSS3: 5.5
nvd
почти 9 лет назад

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

debian логотип

CVE-2016-6198

CVSS3: 5.5
debian
почти 9 лет назад

The filesystem layer in the Linux kernel before 4.5.5 proceeds with po ...

github логотип

GHSA-pvqg-4394-gpjv

CVSS3: 5.5
github
около 3 лет назад

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

oracle-oval логотип

ELSA-2016-3587

oracle-oval
почти 9 лет назад

ELSA-2016-3587: kernel-uek security update (IMPORTANT)

EPSS

Процентиль: 10%
0.00037
Низкий

5.5 Medium

CVSS3

4.7 Medium

CVSS2