Vulnerability Details : CVE-2016-5728
Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel before 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2016-5728
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5728
EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-5728
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:N/A:C | 3.4 | 7.8 | NIST | |
6.3 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H | 1.0 | 5.2 | NIST | |
CWE ids for CVE-2016-5728
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5728
- http://www.ubuntu.com/usn/USN-3071-1
  USN-3071-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-3070-1
  USN-3070-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-3070-4
  USN-3070-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-3071-2
  USN-3071-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security notices
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bf292bfca94694a721449e3fd752493856710f6
  kernel/git/torvalds/linux.git - Linux kernel source tree (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-3070-2
  USN-3070-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/archive/1/538802/30/0/threaded
  SecurityFocus
- http://www.ubuntu.com/usn/USN-3070-3
  USN-3070-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu security notices
- https://bugzilla.kernel.org/show_bug.cgi?id=116651
  116651 – Double-Fetch bug in Linux-4.5/drivers/misc/mic/host/mic_virtio.c
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1
- http://www.debian.org/security/2016/dsa-3616
  Debian -- Security Information -- DSA-3616-1 linux
- https://github.com/torvalds/linux/commit/9bf292bfca94694a721449e3fd752493856710f6
  misc: mic: Fix for double fetch security bug in VOP driver · torvalds/linux@9bf292b · GitHub (Vendor Advisory)