CVE-2016-4913

HIGH

Description

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

http://www.debian.org/security/2016/dsa-3607

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5

http://www.openwall.com/lists/oss-security/2016/05/18/3

http://www.openwall.com/lists/oss-security/2016/05/18/5

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/bid/90730

http://www.ubuntu.com/usn/USN-3016-1

http://www.ubuntu.com/usn/USN-3016-2

http://www.ubuntu.com/usn/USN-3016-3

http://www.ubuntu.com/usn/USN-3016-4

http://www.ubuntu.com/usn/USN-3017-1

http://www.ubuntu.com/usn/USN-3017-2

http://www.ubuntu.com/usn/USN-3017-3

http://www.ubuntu.com/usn/USN-3018-1

http://www.ubuntu.com/usn/USN-3018-2

http://www.ubuntu.com/usn/USN-3019-1

http://www.ubuntu.com/usn/USN-3020-1

http://www.ubuntu.com/usn/USN-3021-1

http://www.ubuntu.com/usn/USN-3021-2

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:3096

https://bugzilla.redhat.com/show_bug.cgi?id=1337528

https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6

Details

Source: MITRE

Published: 2016-05-23

Updated: 2018-10-31

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
125100	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)	Nessus	Huawei Local Security Checks	high
124985	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532)	Nessus	Huawei Local Security Checks	high
119187	Scientific Linux Security Update : kernel on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
118990	CentOS 7 : kernel (CESA-2018:3083)	Nessus	CentOS Local Security Checks	high
118770	Oracle Linux 7 : kernel (ELSA-2018-3083)	Nessus	Oracle Linux Local Security Checks	high
118528	RHEL 7 : kernel-rt (RHSA-2018:3096)	Nessus	Red Hat Local Security Checks	high
118525	RHEL 7 : kernel (RHSA-2018:3083)	Nessus	Red Hat Local Security Checks	high
96903	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)	Nessus	SuSE Local Security Checks	critical
93679	OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100)	Nessus	OracleVM Local Security Checks	critical
93370	SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1)	Nessus	SuSE Local Security Checks	critical
93164	SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1672-1)	Nessus	SuSE Local Security Checks	high
93148	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596)	Nessus	Oracle Linux Local Security Checks	critical
93104	openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)	Nessus	SuSE Local Security Checks	critical
92211	Fedora 24 : kernel (2016-f8739a80b0)	Nessus	Fedora Local Security Checks	high
92067	Fedora 22 : kernel (2016-2363b37a98)	Nessus	Fedora Local Security Checks	high
92055	Fedora 23 : kernel (2016-06f1572324)	Nessus	Fedora Local Security Checks	high
91886	Debian DSA-3607-1 : linux - security update	Nessus	Debian Local Security Checks	critical
91884	Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)	Nessus	Ubuntu Local Security Checks	high
91883	Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3020-1)	Nessus	Ubuntu Local Security Checks	high
91882	Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3019-1)	Nessus	Ubuntu Local Security Checks	high
91881	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3018-2)	Nessus	Ubuntu Local Security Checks	high
91880	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3018-1)	Nessus	Ubuntu Local Security Checks	high
91879	Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3017-3)	Nessus	Ubuntu Local Security Checks	high
91878	Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3017-2)	Nessus	Ubuntu Local Security Checks	high
91877	Ubuntu 15.10 : linux vulnerabilities (USN-3017-1)	Nessus	Ubuntu Local Security Checks	high
91876	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3016-4)	Nessus	Ubuntu Local Security Checks	high
91875	Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3016-3)	Nessus	Ubuntu Local Security Checks	high
91874	Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3016-2)	Nessus	Ubuntu Local Security Checks	high
91873	Ubuntu 16.04 LTS : linux vulnerabilities (USN-3016-1)	Nessus	Ubuntu Local Security Checks	high
91687	Debian DLA-516-1 : linux security update	Nessus	Debian Local Security Checks	critical
91463	Amazon Linux AMI : kernel (ALAS-2016-704)	Nessus	Amazon Linux Local Security Checks	high