Vulnerability Details : CVE-2016-10154
The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.
Vulnerability category: OverflowMemory CorruptionDenial of service
Products affected by CVE-2016-10154
- cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10154
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10154
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-10154
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10154
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1
Release Notes;Vendor Advisory
-
https://github.com/torvalds/linux/commit/06deeec77a5a689cc94b21a8a91a76e42176685d
cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack · torvalds/linux@06deeec · GitHubIssue Tracking;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/95714
Linux Kernel CVE-2016-10154 Local Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeec77a5a689cc94b21a8a91a76e42176685d
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2017/01/21/3
oss-security - Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernelMailing List;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1416104
1416104 – (CVE-2016-10154) CVE-2016-10154 kernel: smbencrypt() points a scatterlist to the stack causing DoSIssue Tracking;Patch
Jump to