Vulnerability Details : CVE-2016-4805
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2016-4805
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:-:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:-:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*
- cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_module_for_public_cloud:12.0:-:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_workstation_extension:12.0:-:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:novell:opensuse_leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:novell:suse_linux_enterprise_live_patching:12.0:-:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Threat overview for CVE-2016-4805
Top countries where our scanners detected CVE-2016-4805
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-4805 155,923
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-4805!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-4805
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-4805
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-4805
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4805
-
http://www.openwall.com/lists/oss-security/2016/05/15/2
oss-security - Re: CVE Requests: Linux: use-after-free issue for ppp channelMailing List;Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1036763
Google Android Multiple Flaws Let Remote Users Deny Service and Execute Arbitrary Code and Let Applications Obtain Potentially Sensitive Information and Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
kernel/git/torvalds/linux.git - Linux kernel source treePatch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
[security-announce] SUSE-SU-2016:1672-1: important: Security update forMailing List;Release Notes;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1335803
1335803 – (CVE-2016-4805) CVE-2016-4805 kernel: Use after free vulnerability in ppp_unregister_channelIssue Tracking;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Oracle VM Server for x86 Bulletin - October 2016Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
[security-announce] SUSE-SU-2016:1690-1: important: Security update forMailing List;Release Notes;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
[security-announce] SUSE-SU-2016:1937-1: important: Security update forMailing List;Release Notes;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
[security-announce] openSUSE-SU-2016:1641-1: important: Security updateMailing List;Third Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.2
Mailing List;Vendor Advisory
-
http://www.ubuntu.com/usn/USN-3021-1
USN-3021-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3021-2
USN-3021-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
[security-announce] SUSE-SU-2016:2105-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
[security-announce] SUSE-SU-2016:1985-1: important: Security update forMailing List;Third Party Advisory
-
http://www.securityfocus.com/bid/90605
Linux kernel 'ppp_generic.c' Use After Free Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
[security-announce] openSUSE-SU-2016:2184-1: important: Security updateMailing List;Third Party Advisory
-
https://github.com/torvalds/linux/commit/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89
ppp: take reference on channels netns · torvalds/linux@1f461dc · GitHubPatch;Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3607
Debian -- Security Information -- DSA-3607-1 linuxThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Oracle Linux Bulletin - July 2016Third Party Advisory
Jump to