Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9754

Опубликовано: 13 мая 2016
Источник: redhat
CVSS3: 6.7
CVSS2: 7.2

Описание

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.

An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.

Отчет

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5,6 and 7 kernels.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-190
https://bugzilla.redhat.com/show_bug.cgi?id=1410370kernel: Integer overflow in ring_buffer_resize()

6.7 Medium

CVSS3

7.2 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9754

CVSS3: 7.8
ubuntu
около 9 лет назад

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.

nvd логотип

CVE-2016-9754

CVSS3: 7.8
nvd
около 9 лет назад

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.

debian логотип

CVE-2016-9754

CVSS3: 7.8
debian
около 9 лет назад

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the p ...

github логотип

GHSA-795q-99jq-47p3

CVSS3: 7.8
github
больше 3 лет назад

The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.

fstec логотип

BDU:2017-01659

CVSS3: 7.8
fstec
больше 9 лет назад

Уязвимость функции ring_buffer_resize подсистемы профилирования ядра операционной системы Linux, позволяющая нарушителю повысить свои привилегии

6.7 Medium

CVSS3

7.2 High

CVSS2