CVE-2016-9576
kernel: Use after free in SCSI generic device interface
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
La función blk_rq_map_user_iov en block/blk-map.c en el kernel de Linux en versiones anteriores a 4.8.14 no restringe adecuadamente el tipo de iterador, lo que permite a usuarios locales leer o escribir a ubicaciones de memoria del kernel arbitrarias o provocar una denegación de servicio (uso después de liberación de memoria) aprovechando acceso a un dispositivo /dev/sg.
It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-23 CVE Reserved
- 2016-12-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (20)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94821 | Third Party Advisory |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.0 < 4.4.38 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.0 < 4.4.38" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.8.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.8.14" | - |
Affected
|