CVE-2016-6213
kernel: Overflowing kernel mount table using shared bind mount
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
fs/namespace.c en el kernel de Linux en versiones anteriores a 4.9 no restringe la cantidad de montajes que pueden existir en un espacio de nombre del montaje, lo que permite a usuarios locales provocar una denegación de servicio (consumo de memoria y punto muerto) a través de llamadas al sistema de montaje MS_BIND, según lo demostrado por un bucle que desencadena un crecimiento exponencial en el número de montajes.
It was found that in Linux kernel the mount table expands by a power-of-two with each bind mount command. If a system is configured to allow non-privileged user to do bind mounts, or allows to do so in a container or unprivileged mount namespace, then non-privileged user is able to cause a local DoS by overflowing the mount table, which causes a deadlock for the whole system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-07-13 CVE Reserved
- 2016-12-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/07/13/8 | Mailing List | |
http://www.securityfocus.com/bid/91754 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHSA-2017:1842 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2077 | 2018-01-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1356471 | 2017-08-01 | |
https://access.redhat.com/security/cve/CVE-2016-6213 | 2017-08-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.8.15 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.8.15" | - |
Affected
|