Denial of service in Linux kernel

1) Denial of service

EUVDB-ID: #VU1013

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-6327

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to cause DoS conditions on the target system.
The weakness is caused by drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command attackers can abort a device write operation that leads to NULL pointer dereference and system crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Mitigation

Update to version 4.5.1.

Vulnerable software versions

Linux kernel: 3.2.78-1 - 4.6.4-1

Oracle VM Server for x86: 3.3

Oracle Linux: 7

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:3.2.81-1:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.16.7-ckt25-2 :*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.0.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.1.33:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.2.8:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.3.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.25:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.6.4-1 :*:*:*:*:*:*:*
• cpe:2.3:a:oracle:oracle_vm_server_for_x86:3.3:*:*:*:*:*:*:*
• cpe:2.3:o:oracle:oracle_linux:7:*:*:*:*:*:*:*

External links

https://bugzilla.redhat.com/show_bug.cgi?id=1354525
https://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.