SUSE Linux update for Linux Kernel Live Patch 7 for SLE 12 SP1
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-6480 |
| CWE-ID | CWE-362 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Oracle VM Server for x86 Server applications / Other server solutions Oracle Linux Operating systems & Components / Operating system |
| Vendor | Oracle |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Race condition
EUVDB-ID: #VU359
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-6480
Exploit availability: No
DescriptionThe vulnerability allows local users to provoke a denial of service.
The vulnerability exists due to parafunction of ioctl_send_fib. By altering "double fetch" vulnerability, a local user can provoke a denial of service.
Successful exploitation of this vulnerability will allow an attacker to cause a denial of service
MitigationUpdate the affected packages.
Oracle VM Server for x86: 3.2 - 3.4
Oracle Linux: 5 - 7
CPE2.3- cpe:2.3:a:oracle:oracle_vm_server_for_x86:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:oracle_vm_server_for_x86:3.2:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:oracle_linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:oracle_linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:oracle_linux:5:*:*:*:*:*:*:*
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
