CVE-2016-6136 : Race condition in the audit_log_single_execve

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

Published 2016-08-06 20:59:07

Updated 2018-01-05 02:31:05

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2016-6136

Linux » Linux Kernel
Versions up to, including, (<=) 4.7
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-6136

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 6 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-6136

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
1.9	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:N	3.4	2.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
4.7	MEDIUM	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N	1.0	3.6	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2016-6136

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-6136

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c

kernel/git/torvalds/linux.git - Linux kernel source tree
Issue Tracking;Patch
http://rhn.redhat.com/errata/RHSA-2016-2574.html

RHSA-2016:2574 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://bugzilla.kernel.org/show_bug.cgi?id=120681

120681 – Double-Fetch bug in Linux-4.6/kernel/auditsc.c
Issue Tracking
http://rhn.redhat.com/errata/RHSA-2017-0307.html

RHSA-2017:0307 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1353533

1353533 – (CVE-2016-6136) CVE-2016-6136 kernel: Race condition vulnerability in execve argv arguments
Issue Tracking
http://www.securityfocus.com/archive/1/538835/30/0/threaded

SecurityFocus
Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/91558

Linux Kernel CVE-2016-6136 Local Information Disclosure Vulnerability
https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c

audit: fix a double fetch in audit_log_single_execve_arg() · torvalds/linux@4376147 · GitHub
Issue Tracking;Patch
https://github.com/linux-audit/audit-kernel/issues/18

BUG: fix double fetch in audit_log_single_execve_arg() · Issue #18 · linux-audit/audit-kernel · GitHub
Issue Tracking;Patch
https://source.android.com/security/bulletin/2016-11-01.html

Android Security Bulletin—November 2016 | Android Open Source Project

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-2584.html

RHSA-2016:2584 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-6136

Products affected by CVE-2016-6136

Exploit prediction scoring system (EPSS) score for CVE-2016-6136

CVSS scores for CVE-2016-6136

CWE ids for CVE-2016-6136

References for CVE-2016-6136