CVE-2016-7042
kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file.
La función proc_keys_show en security/keys/proc.c en el kernel de Linux hasta la versión 4.8.2, cuando el protector de pila GNU Compiler Collection (gcc) está habilitado, utiliza un tamaño de búfer incorrecto para ciertos datos de tiempo de espera, lo que permite a usuarios locales provocar una denegación de servicio (corrupción de la memoria de pila y pánico) leyendo el archivo /proc/keys.
It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-08-23 CVE Reserved
- 2016-10-16 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/10/13/5 | Mailing List | |
http://www.securityfocus.com/bid/93544 | Vdb Entry | |
https://source.android.com/security/bulletin/2017-01-01.html | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0817.html | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:1842 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2077 | 2018-01-05 | |
https://access.redhat.com/errata/RHSA-2017:2669 | 2018-01-05 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1373966 | 2017-09-06 | |
https://access.redhat.com/security/cve/CVE-2016-7042 | 2017-09-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.8.2 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.8.2" | - |
Affected
|