Vulnerability Details : CVE-2016-4794
Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2016-4794
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-4794
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 19 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4794
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
References for CVE-2016-4794
-
https://source.android.com/security/bulletin/2016-12-01.html
Android Security Bulletin—December 2016 | Android Open Source ProjectThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/05/12/6
oss-security - Linux Kernel bpf related UAFExploit;Mailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2574.html
RHSA-2016:2574 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3056-1
USN-3056-1: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3055-1
USN-3055-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1335889
1335889 – (CVE-2016-4794) CVE-2016-4794 kernel: Use after free in array_map_allocVDB Entry;Issue Tracking;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-3057-1
USN-3057-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.securityfocus.com/bid/90625
Linux kernel 'pcpu_extend_area_map()' Function Use After Free Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-3054-1
USN-3054-1: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2584.html
RHSA-2016:2584 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3053-1
USN-3053-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lkml.org/lkml/2016/4/17/125
LKML: Alexei Starovoitov: Re: bpf: use-after-free in array_map_allocExploit;Third Party Advisory
Jump to