CVE-2016-2143

high
Description

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1

http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

http://rhn.redhat.com/errata/RHSA-2016-1539.html

http://rhn.redhat.com/errata/RHSA-2016-2766.html

http://www.debian.org/security/2016/dsa-3607

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

https://github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1

https://security-tracker.debian.org/tracker/CVE-2016-2143

Details

Source: MITRE

Published: 2016-04-27

Updated: 2018-01-05

Type: CWE-20

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 95050 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20161115) | Nessus | Scientific Linux Local Security Checks | high |
| 94980 | CentOS 6 : kernel (CESA-2016:2766) | Nessus | CentOS Local Security Checks | high |
| 94911 | RHEL 6 : kernel (RHSA-2016:2766) | Nessus | Red Hat Local Security Checks | high |
| 94908 | Oracle Linux 6 : kernel (ELSA-2016-2766) | Nessus | Oracle Linux Local Security Checks | high |
| 93289 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2074-1) | Nessus | SuSE Local Security Checks | critical |
| 93165 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1690-1) | Nessus | SuSE Local Security Checks | high |
| 93164 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1672-1) | Nessus | SuSE Local Security Checks | high |
| 92719 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20160802) | Nessus | Scientific Linux Local Security Checks | high |
| 92702 | CentOS 7 : kernel (CESA-2016:1539) | Nessus | CentOS Local Security Checks | high |
| 92694 | RHEL 7 : kernel (RHSA-2016:1539) | Nessus | Red Hat Local Security Checks | high |
| 92688 | Oracle Linux 7 : kernel (ELSA-2016-1539) | Nessus | Oracle Linux Local Security Checks | high |
| 92007 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-862) | Nessus | SuSE Local Security Checks | high |
| 91886 | Debian DSA-3607-1 : linux - security update | Nessus | Debian Local Security Checks | critical |
| 90884 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1203-1) | Nessus | SuSE Local Security Checks | critical |
| 90783 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-518) | Nessus | SuSE Local Security Checks | critical |
| 90531 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1019-1) | Nessus | SuSE Local Security Checks | critical |