Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7916

Опубликовано: 19 янв. 2016
Источник: redhat
CVSS3: 2.3
CVSS2: 1.5

Описание

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc//environ file during a process-setup time interval in which environment-variable copying is incomplete.

Race condition in the environ_read() function in 'fs/proc/base.c' in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a '/proc//environ' file during a process-setup time interval in which environment-variable copying is incomplete.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1406085kernel: proc: prevent accessing /proc/<pid>/environ until it's ready

2.3 Low

CVSS3

1.5 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7916

CVSS3: 5.5
ubuntu
около 9 лет назад

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.

nvd логотип

CVE-2016-7916

CVSS3: 5.5
nvd
около 9 лет назад

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.

debian логотип

CVE-2016-7916

CVSS3: 5.5
debian
около 9 лет назад

Race condition in the environ_read function in fs/proc/base.c in the L ...

github логотип

GHSA-4mfv-78wv-cc6j

CVSS3: 5.5
github
больше 3 лет назад

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.

suse-cvrf логотип

SUSE-SU-2017:0437-1

suse-cvrf
почти 9 лет назад

Security update for the Linux Kernel

2.3 Low

CVSS3

1.5 Low

CVSS2