Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2016-1583, CVE-2016-4470, CVE-2016-4998, CVE-2016-5829, CVE-2016-5728, CVE-2016-1237 |
CWE-ID | CWE-400, CWE-19, CWE-119, CWE-122, CWE-284 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Fedora (Operating systems & Components / Operating system); kernel (Operating systems & Components / Operating system package or component) |
Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU4062
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2016-1583
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
Description
The vulnerability allows a local attacker to cause a DoS condition and gain elevated privileges on the target system.
The weakness exists in the ecryptfs_privileged_open function in fs/ecryptfs/kthread.c due to stack memory consumption. A local attacker can cause the service to crash and gain elevated privileges via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 23
kernel: before 4.5.7-202.fc23
External links
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU3800
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-4470
CWE-ID:
CWE-19 - Data Handling
Exploit availability: No
Description
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists in the key_reject_and_link function in security/keys/key.c because it does not ensure that a certain data structure is initialized. A local attacker can cause the service to crash via vectors involving a crafted keyctl request2 command.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 23
kernel: before 4.5.7-202.fc23
External links
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-4998
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to cause denial of service conditions on the target system.
The vulnerability exists due to a memory access error. A local user can cause the target system to crash by issuing a specially crafted IPT_SO_SET_REPLACE setsockopt() call.
Successful exploitation of this vulnerability may result in the crash of the target system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 23
kernel: before 4.5.7-202.fc23
External links
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4080
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5829
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description
The vulnerability allows a local attacker to cause a DoS condition or gain elevated privileges on the target system.
The weakness exists in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c due to a heap-based buffer overflow. A local attacker can cause the service to crash or gain elevated privileges via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 23
kernel: before 4.5.7-202.fc23
External links
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU40222
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-5728
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local authenticated user to obtain sensitive information from kernel memory or cause a denial of service.
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
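The "double fetch" pattern named in the description, as an added illustration that is not the MIC VOP driver's code: the header layout, `fetch()` (a stand-in for a copy from user memory), `simulate_race` and both handler names are hypothetical, and the concurrent header change is simulated deterministically.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_PAYLOAD 16

/* Hypothetical message layout: a header carrying a length, then payload. */
struct hdr { uint32_t len; };
struct msg { struct hdr h; uint8_t payload[MAX_PAYLOAD]; };

int simulate_race;        /* 1 = header is rewritten between the two fetches */
static int fetch_count;

/* Stand-in for a copy from user memory. After the first fetch it can
 * simulate a second thread changing the header (constructed scenario). */
static void fetch(void *dst, struct msg *user, size_t n)
{
    memcpy(dst, user, n);
    if (++fetch_count == 1 && simulate_race)
        user->h.len = 4096;
}

/* Weak pattern: validates the first copy of the header, then acts on
 * the length from the second copy. Returns the length it would use. */
long handle_double_fetch(struct msg *user)
{
    struct hdr h; struct msg m;
    fetch_count = 0;
    fetch(&h, user, sizeof h);            /* fetch 1: bounds check */
    if (h.len > MAX_PAYLOAD) return -1;
    fetch(&m, user, sizeof m);            /* fetch 2: header read again */
    return (long)m.h.len;                 /* value was never validated */
}

/* Hardened pattern: refuse the request if the header changed between
 * the two fetches, so only the validated length is ever used. */
long handle_checked(struct msg *user)
{
    struct hdr h; struct msg m;
    fetch_count = 0;
    fetch(&h, user, sizeof h);
    if (h.len > MAX_PAYLOAD) return -1;
    fetch(&m, user, sizeof m);
    if (memcmp(&m.h, &h, sizeof h) != 0) return -1;   /* header changed */
    return (long)m.h.len;
}
```

With the simulated race enabled, the first handler ends up acting on a length far beyond `MAX_PAYLOAD`, while the second rejects the request.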
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 23
kernel: before 4.5.7-202.fc23
External links
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92457
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-1237
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an improper access control error within the nfsd4_set_nfs4_acl() function in fs/nfsd/nfs4acl.c, the nfsd3_proc_setacl() function in fs/nfsd/nfs3acl.c, and the nfsacld_proc_setacl() and posix_acl_release() functions in fs/nfsd/nfs2acl.c. A local user can gain access to sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Fedora: 23
kernel: before 4.5.7-202.fc23
External links
https://bodhi.fedoraproject.org/updates/FEDORA-2016-73a733f4d9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.