Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9178

Опубликовано: 15 сент. 2016
Источник: redhat
CVSS3: 3.3
CVSS2: 1.9
EPSS Низкий

Описание

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code which can trigger the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and MRG-2. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelWill not fix
Red Hat Enterprise Linux 7kernelWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise MRG 2realtime-kernelWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1391908kernel: Information leak in get_user_ex function

EPSS

Процентиль: 22%
0.0007
Низкий

3.3 Low

CVSS3

1.9 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9178

CVSS3: 5.5
ubuntu
больше 8 лет назад

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call.

nvd логотип

CVE-2016-9178

CVSS3: 5.5
nvd
больше 8 лет назад

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call.

debian логотип

CVE-2016-9178

CVSS3: 5.5
debian
больше 8 лет назад

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...

github логотип

GHSA-x43g-x8g8-q2qc

CVSS3: 5.5
github
около 3 лет назад

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call.

suse-cvrf логотип

openSUSE-SU-2016:3058-1

suse-cvrf
больше 8 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 22%
0.0007
Низкий

3.3 Low

CVSS3

1.9 Low

CVSS2