Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7912

Опубликовано: 14 апр. 2016
Источник: redhat
CVSS3: 7.8
CVSS2: 9.3

Описание

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2 as the code with the flaw is not present in the products listed.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1403747kernel: media: use-after-free in USB gadget driver

7.8 High

CVSS3

9.3 Critical

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7912

CVSS3: 7.8
ubuntu
около 9 лет назад

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.

nvd логотип

CVE-2016-7912

CVSS3: 7.8
nvd
около 9 лет назад

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.

debian логотип

CVE-2016-7912

CVSS3: 7.8
debian
около 9 лет назад

Use-after-free vulnerability in the ffs_user_copy_worker function in d ...

github логотип

GHSA-rcjx-c5rp-m8jj

CVSS3: 7.8
github
больше 3 лет назад

Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.

7.8 High

CVSS3

9.3 Critical

CVSS2

Уязвимость CVE-2016-7912