Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-6480

Опубликовано: 01 авг. 2016
Источник: redhat
CVSS3: 5.1
CVSS2: 4.7
EPSS Низкий

Описание

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value.

Отчет

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelWill not fix
Red Hat Enterprise MRG 2realtime-kernelAffected
Red Hat Enterprise Linux 6kernelFixedRHSA-2017:081721.03.2017
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2016:258403.11.2016
Red Hat Enterprise Linux 7kernelFixedRHSA-2016:257403.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1362466kernel: scsi: aacraid: double fetch in ioctl_send_fib()

EPSS

Процентиль: 20%
0.00062
Низкий

5.1 Medium

CVSS3

4.7 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-6480

CVSS3: 5.1
ubuntu
почти 9 лет назад

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

nvd логотип

CVE-2016-6480

CVSS3: 5.1
nvd
почти 9 лет назад

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

debian логотип

CVE-2016-6480

CVSS3: 5.1
debian
почти 9 лет назад

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/ ...

suse-cvrf логотип

SUSE-SU-2016:2230-1

suse-cvrf
почти 9 лет назад

Security update for Linux Kernel Live Patch 7 for SLE 12 SP1

github логотип

GHSA-fpmx-jmvg-qwh2

CVSS3: 5.1
github
около 3 лет назад

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

EPSS

Процентиль: 20%
0.00062
Низкий

5.1 Medium

CVSS3

4.7 Medium

CVSS2