CVE-2016-7425

Опубликовано: 15 сент. 2016

Источник: redhat

CVSS3: 5.3

CVSS2: 4.4

Описание

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.

A heap-buffer overflow vulnerability was found in the arcmsr_iop_message_xfer() function in 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux kernel through 4.8.2. The function does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can potentially cause kernel heap corruption and arbitrary kernel code execution.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. 6, 7 and Red Hat Enterprise MRG-2 as only the privileged user can exploit the flaw.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Will not fix
Red Hat Enterprise Linux 6	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel	Will not fix
Red Hat Enterprise Linux 7	kernel-rt	Will not fix
Red Hat Enterprise MRG 2	realtime-kernel	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-122

https://bugzilla.redhat.com/show_bug.cgi?id=1377330kernel: SCSI arcmsr driver: Buffer overflow in arcmsr_iop_message_xfer()

5.3 Medium

CVSS3

4.4 Medium

CVSS2

Связанные уязвимости

CVE-2016-7425

CVSS3: 7.8

ubuntu

больше 8 лет назад

CVE-2016-7425

CVSS3: 7.8

nvd

больше 8 лет назад

CVE-2016-7425

CVSS3: 7.8

debian

больше 8 лет назад

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba ...

GHSA-268m-95p3-rgg5

CVSS3: 7.8

github

около 3 лет назад

openSUSE-SU-2016:2583-1

suse-cvrf

больше 8 лет назад

Security update for the Linux Kernel

5.3 Medium

CVSS3

4.4 Medium

CVSS2