CVE-2016-10741

kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c

Severity Score

4.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.

En el kernel de Linux, en versiones anteriores a la 4.9.3, "fs/xfs/xfs_aops.c" permite a los usuarios locales provocar una denegación de servicio (cierre inesperado del sistema) debido a que hay una condición de carrera entre el I/O directo y el mapeado con la memoria (asociado con un agujero) que se maneja con BUG_ON en vez de un fallo I/O.

It was found that the Linux kernel can hit a BUG_ON() statement in the __xfs_get_blocks() in the fs/xfs/xfs_aops.c because of a race condition between direct and memory-mapped I/O associated with a hole in a file that is handled with BUG_ON() instead of an I/O failure. This allows a local unprivileged attacker to cause a system crash and a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-02-01 CVE Reserved
2019-02-01 CVE Published
2023-03-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-369: Divide By Zero

CAPEC

References (9)

URL	Tag	Source
http://www.securityfocus.com/bid/106822	Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1124010	Issue Tracking
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.3	Release Notes
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html	Mailing List
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html	Mailing List

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04197b341f23b908193308b8d63d17ff23232598	2019-04-18
https://github.com/torvalds/linux/commit/04197b341f23b908193308b8d63d17ff23232598	2019-04-18

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2016-10741	2017-09-06
https://bugzilla.redhat.com/show_bug.cgi?id=1671869	2017-09-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.3 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.3"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected