F5 Networks BIG-IP : Linux kernel vulnerability (K90803619)
Low Nessus Plugin ID 100168
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionRace condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a 'double fetch' vulnerability. (CVE-2016-6136)
Locally authenticated users may be able to bypass audit restrictions resulting in the disclosure of local information.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K90803619.