Vulnerability Details : CVE-2016-6187
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.
Vulnerability category: Overflow
Products affected by CVE-2016-6187
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6187
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6187
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-6187
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6187
-
https://bugzilla.redhat.com/show_bug.cgi?id=1354383
1354383 – (CVE-2016-6187) CVE-2016-6187 kernel: apparmor: Potential privilege escalation via oops in apparmor_setprocattr()Issue Tracking
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a46a4647fd1df9cf52e43bf467f0d9265096ca
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch
-
https://github.com/torvalds/linux/commit/30a46a4647fd1df9cf52e43bf467f0d9265096ca
apparmor: fix oops, validate buffer size in apparmor_setprocattr() · torvalds/linux@30a46a4 · GitHubIssue Tracking;Patch
-
http://www.securityfocus.com/bid/91696
Linux Kernel CVE-2016-6187 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://marc.info/?l=linux-kernel&m=146793642811929&w=2
'[GIT PULL] Fix for AppArmor oops in apparmor_setprocattr()' - MARCThird Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.5
Release Notes
-
http://www.openwall.com/lists/oss-security/2016/07/09/2
oss-security - Re: CVE request: apparmor: oops in apparmor_setprocattr()Mailing List;Third Party Advisory
Jump to