SB2016062910 - Fedora 23 update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2016062910

SB2016062910 - Fedora 23 update for kernel

Published: June 29, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016062910
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Medium 17% Low 83%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2016-1583)

The vulnerability allows a local attacker to cause DoS condition and gain elevated privileges on the target system.

The weakness exists in the ecryptfs_privileged_open function in fs/ecryptfs/kthread.c due to stack memory consumption. A local attacker can cause the service to crash and gain elevated privileges via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

2) Data handling (CVE-ID: CVE-2016-4470)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the key_reject_and_link function in security/keys/key.c due to it does not ensure that a certain data structure is initialized. A local attacker can cause the service to crash via vectors involving a crafted keyctl request2 command.

3) Memory corruption (CVE-ID: CVE-2016-4998)

The vulnerability allows a local user to cause denial of service conditions on the target system.

The vulnerability exists due to memory access error. A local user can cause the target sysetm to crash by issuing a specially crafted IPT_SO_SET_REPLACE setsockopt() call.

Successful exploitation of this vulnerability may result in the crash of the target sysetm.

4) Heap-based buffer overflow (CVE-ID: CVE-2016-5829)

The vulnerability allows a local attacker to cause DoS condition or gain elevated privileges on the target system.

The weakness exists in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c  due to heap-based buffer overflow. A local attacker can cause the service to crash or gain elevated privileges via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.

5) Buffer overflow (CVE-ID: CVE-2016-5728)

The vulnerability allows a local authenticated user to #BASIC_IMPACT#.

Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.


6) Improper access control (CVE-ID: CVE-2016-1237)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access control error within the nfsd4_set_nfs4_acl() function in fs/nfsd/nfs4acl.c, within the nfsd3_proc_setacl() function in fs/nfsd/nfs3acl.c, within the nfsacld_proc_setacl() and posix_acl_release() functions in fs/nfsd/nfs2acl.c. A local user can gain access to sensitive information.


Remediation

Install update from vendor's website.

References