CVE-2016-0723
Ubuntu Security Notice USN-2929-2
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.
Condición de carrera en la función tty_ioctl en drivers/tty/tty_io.c en el kernel de Linux hasta la versión 4.4.1 permite a usuarios locales obtener información sensible de la memoria del kernel o provocar una denegación de servicio (uso después de liberación y caída de aplicación) al hacer una llamada ioctl TIOCGETD ioctl durante el procesamiento de una llamada ioctl TIOCSETD.
Ben Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Ben Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-16 CVE Reserved
- 2016-01-19 CVE Published
- 2024-08-05 CVE Updated
- 2025-07-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (29)
| URL | Tag | Source |
|---|---|---|
| http://source.android.com/security/bulletin/2016-07-01.html | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/82950 | Vdb Entry | |
| http://www.securitytracker.com/id/1035695 | Vdb Entry | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1296253 | X_refsource_confirm | |
| https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439 | X_refsource_confirm | |
| https://security-tracker.debian.org/tracker/CVE-2016-0723 | X_refsource_confirm | |
| https://support.f5.com/csp/article/K43650115 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.4.1 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.4.1" | - |
Affected
| ||||||