CVE-2016-6136

kernel: Race condition vulnerability in execve argv arguments

Severity Score

4.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

Condición de carrera en la función audit_log_single_execve_arg en kernel/auditsc.c en el kernel de Linux hasta la versión 4.7 permite a usuarios locales eludir restricciones de set de caracteres intencionados o interrumpir la auditoria del sistema de llamada cambiando una cierta cadena, también conocido como una vulnerabilidad de "doble recuperación".

When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-07-01 CVE Reserved
2016-07-04 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CAPEC

References (12)

URL	Tag	Source
http://www.securityfocus.com/archive/1/538835/30/0/threaded	Mailing List
http://www.securityfocus.com/bid/91558	Vdb Entry
https://bugzilla.kernel.org/show_bug.cgi?id=120681	Issue Tracking
https://source.android.com/security/bulletin/2016-11-01.html	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c	2018-01-05
https://github.com/linux-audit/audit-kernel/issues/18	2018-01-05
https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c	2018-01-05

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2016-2574.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2016-2584.html	2018-01-05
http://rhn.redhat.com/errata/RHSA-2017-0307.html	2018-01-05
https://bugzilla.redhat.com/show_bug.cgi?id=1353533	2017-02-23
https://access.redhat.com/security/cve/CVE-2016-6136	2017-02-23

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.7 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.7"		-		Affected