fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
http://rhn.redhat.com/errata/RHSA-2016-1847.html
http://rhn.redhat.com/errata/RHSA-2016-1875.html
http://www.openwall.com/lists/oss-security/2016/07/11/8
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/91709
http://www.securitytracker.com/id/1036273
http://www.ubuntu.com/usn/USN-3070-1
http://www.ubuntu.com/usn/USN-3070-2
http://www.ubuntu.com/usn/USN-3070-3
http://www.ubuntu.com/usn/USN-3070-4
https://bugzilla.redhat.com/show_bug.cgi?id=1355650
https://github.com/torvalds/linux/commit/11f3710417d026ea2f4fcf362d866342c5274185
Source: MITRE
Published: 2016-08-06
Updated: 2019-12-27
Type: CWE-20
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM
OR
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.5.7 (inclusive)
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
132134 | EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599) | Nessus | Huawei Local Security Checks | high |
125100 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494) | Nessus | Huawei Local Security Checks | high |
124810 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1486) | Nessus | Huawei Local Security Checks | high |
93679 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100) | Nessus | OracleVM Local Security Checks | critical |
93594 | CentOS 7 : kernel (CESA-2016:1847) | Nessus | CentOS Local Security Checks | high |
93556 | RHEL 7 : kernel-rt (RHSA-2016:1875) | Nessus | Red Hat Local Security Checks | high |
93555 | RHEL 7 : kernel (RHSA-2016:1847) | Nessus | Red Hat Local Security Checks | high |
93501 | Oracle Linux 7 : kernel (ELSA-2016-1847) | Nessus | Oracle Linux Local Security Checks | high |
93243 | Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3070-4) | Nessus | Ubuntu Local Security Checks | high |
93242 | Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3070-3) | Nessus | Ubuntu Local Security Checks | high |
93241 | Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3070-2) | Nessus | Ubuntu Local Security Checks | high |
93217 | Ubuntu 16.04 LTS : linux vulnerabilities (USN-3070-1) | Nessus | Ubuntu Local Security Checks | high |
93148 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596) | Nessus | Oracle Linux Local Security Checks | critical |
92658 | OracleVM 3.4 : kernel-uek (OVMSA-2016-0091) | Nessus | OracleVM Local Security Checks | medium |
92656 | Oracle Linux 6 / 7 : kernel-uek (ELSA-2016-3587) | Nessus | Oracle Linux Local Security Checks | medium |