CVE-2016-2550
Ubuntu Security Notice USN-2949-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.
El kernel de Linux en versiones anteriores a 4.5 permite a usuarios locales eludir los límites del archivo descriptor y causar una denegación de servicio (consumo de memoria) mediante el aprovechamiento del incorrecto seguimiento de la propiedad del descriptor y enviando cada descriptor a través de un socket UNIX antes de cerrarlo. NOTA: esta vulnerabilidad existe debido a una solución incorrecta para CVE-2013-4312.
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-02-23 CVE Reserved
- 2016-03-04 CVE Published
- 2024-08-05 CVE Updated
- 2025-07-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/02/23/2 | Mailing List |
|
| http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html | X_refsource_confirm |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=1311517 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fad6 | 2018-01-18 |
| URL | Date | SRC |
|---|---|---|
| http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3d3e90ce9e18727e8843ae343eda5a58fad6 | 2018-01-18 | |
| http://www.debian.org/security/2016/dsa-3503 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2946-1 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2946-2 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2947-1 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2947-2 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2947-3 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2948-1 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2948-2 | 2018-01-18 | |
| http://www.ubuntu.com/usn/USN-2949-1 | 2018-01-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.4.8 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.4.8" | - |
Affected
| ||||||