CVE-2016-5412
Kernel: powerpc: kvm: Infinite loop via H_CEDE hypercall when running under hypervisor-mode
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction.
arch/powerpc/kvm/book3s_hv_rmhandlers.S en el kernel de Linux hasta la versión 4.7 en plataformas PowerPC, cuando se encuentra habilitada CONFIG_KVM_BOOK3S_64_HV, permite a usuarios invitados del SO provocar una denegación de servicio (bucle infinito del SO anfitrión) haciendo una hiperllamada H_CEDE durante la existencia de una transacción suspendida.
Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. It was discovered that the powerpc and powerpc64 hypervisor-mode KVM implementation in the Linux kernel for did not properly maintain state about transactional memory. An unprivileged attacker in a guest could cause a denial of service in the host OS. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-06-10 CVE Reserved
- 2016-08-06 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=93d17397e4e2182fdaad503e2f9da46202c0f1c3 | X_refsource_confirm | |
| http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f024ee098476a3e620232e4a78cfac505f121245 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2016/07/28/2 | Mailing List |
|
| https://github.com/torvalds/linux/commit/93d17397e4e2182fdaad503e2f9da46202c0f1c3 | X_refsource_confirm | |
| https://github.com/torvalds/linux/commit/f024ee098476a3e620232e4a78cfac505f121245 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1349916 | 2016-11-03 |
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-2574.html | 2023-02-12 | |
| https://access.redhat.com/security/cve/CVE-2016-5412 | 2016-11-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.7 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.7" | - |
Affected
| ||||||