CVE-2016-10044

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a

http://source.android.com/security/bulletin/2017-02-01.html

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7

http://www.securityfocus.com/bid/96122

http://www.securitytracker.com/id/1037798

https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a

Details

Source: MITRE

Published: 2017-02-07

Updated: 2017-07-25

Type: CWE-264

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.7.6 (inclusive)

Configuration 2

OR

cpe:2.3:o:google:android:*:*:*:*:*:*:*:* versions up to 7.1.1 (inclusive)

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
124828EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)NessusHuawei Local Security Checks
critical
124815EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1491)NessusHuawei Local Security Checks
critical
106469OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)NessusOracleVM Local Security Checks
critical
105248OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)NessusOracleVM Local Security Checks
high
105247Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659)NessusOracle Linux Local Security Checks
high
105147OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)NessusOracleVM Local Security Checks
high
105145Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658)NessusOracle Linux Local Security Checks
high
105144Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657)NessusOracle Linux Local Security Checks
high
104454OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0168)NessusOracleVM Local Security Checks
high
104371Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3637)NessusOracle Linux Local Security Checks
high
104370Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3636)NessusOracle Linux Local Security Checks
high
103326Ubuntu 14.04 LTS : linux vulnerabilities (USN-3422-1) (BlueBorne)NessusUbuntu Local Security Checks
high
100320SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1360-1)NessusSuSE Local Security Checks
critical
100150SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)NessusSuSE Local Security Checks
critical