Vulnerability Details : CVE-2016-2069
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.
Products affected by CVE-2016-2069
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-2069
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 16 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-2069
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
|
7.4
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.4
|
5.9
|
NIST |
CWE ids for CVE-2016-2069
-
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-2069
-
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
[security-announce] SUSE-SU-2016:0911-1: important: Security update for
-
http://www.ubuntu.com/usn/USN-2989-1
USN-2989-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
[security-announce] SUSE-SU-2016:1102-1: important: Security update for
-
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RHSA-2016:2574 - Security Advisory - Red Hat Customer Portal
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
[security-announce] SUSE-SU-2016:2074-1: important: Security update for
-
http://www.ubuntu.com/usn/USN-2932-1
USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security notices
-
http://www.debian.org/security/2016/dsa-3503
Debian -- Security Information -- DSA-3503-1 linux
-
http://www.openwall.com/lists/oss-security/2016/01/25/1
oss-security - CVE Request: x86 Linux TLB flush bug
-
http://rhn.redhat.com/errata/RHSA-2017-0817.html
RHSA-2017:0817 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2931-1
USN-2931-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu security notices
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Oracle VM Server for x86 Bulletin - October 2016
-
http://www.securityfocus.com/bid/81809
Linux Kernel CVE-2016-2069 TLB Flush Local Security Bypass Vulnerability
-
http://www.ubuntu.com/usn/USN-2998-1
USN-2998-1: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html
[security-announce] openSUSE-SU-2016:1008-1: important: Security update
-
http://www.ubuntu.com/usn/USN-2967-2
USN-2967-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
-
https://github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e
x86/mm: Add barriers and document switch_mm()-vs-flush synchronization · torvalds/linux@71b3c12 · GitHubPatch;Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1301893
1301893 – (CVE-2016-2069) CVE-2016-2069 kernel: race condition in the TLB flush logic
-
http://rhn.redhat.com/errata/RHSA-2016-2584.html
RHSA-2016:2584 - Security Advisory - Red Hat Customer Portal
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e
kernel/git/torvalds/linux.git - Linux kernel source treeVendor Advisory
-
http://www.ubuntu.com/usn/USN-2967-1
USN-2967-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Oracle Linux Bulletin - July 2016
Jump to