Main Vulnerability Database SB2016111105

SB2016111105 - Ubuntu update for Linux kernel (Xenial HWE)

Published: November 11, 2016

Security Bulletin ID SB2016111105

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Denial of service (CVE-ID: CVE-2016-7042)

The vulnerability allows a local user to cause DoS conditions on the target system.
The weakness exists due to using of incorrect buffer size for certain timeout data by the proc_keys_show function in security/keys/proc.c while enabling of GNU Compiler Collection (gcc) stack protector. By reading the /proc/keys file attackers can trigger stack memory corruption.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3128-2/