Vulnerability Details : CVE-2016-6480

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
Publish Date : 2016-08-06 Last Update Date : 2018-01-04

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.7
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	None (There is no impact to the integrity of the system)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of Service
CWE ID	362

- Related OVAL Definitions

Title	Definition Id	Family
RHSA-2016:2574: kernel security, bug fix, and enhancement update (Important)	oval:com.redhat.rhsa:def:20162574	unix
RHSA-2016:2584: kernel-rt security, bug fix, and enhancement update (Important)	oval:com.redhat.rhsa:def:20162584	unix
RHSA-2017:0817: kernel security, bug fix, and enhancement update (Moderate)	oval:com.redhat.rhsa:def:20170817	unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2016-6480

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Linux	Linux Kernel	4.7				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Linux	Linux Kernel	1

- References For CVE-2016-6480

http://rhn.redhat.com/errata/RHSA-2017-0817.html
REDHAT RHSA-2017:0817

http://www.securityfocus.com/bid/92214
BID 92214 Linux Kernel CVE-2016-6480 Local Information Disclosure Vulnerability Release Date:2017-03-29

https://bugzilla.redhat.com/show_bug.cgi?id=1362466 CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html
SUSE SUSE-SU-2016:2230

http://rhn.redhat.com/errata/RHSA-2016-2574.html
REDHAT RHSA-2016:2574

http://rhn.redhat.com/errata/RHSA-2016-2584.html
REDHAT RHSA-2016:2584

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html
SUSE SUSE-SU-2016:2179

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html
SUSE SUSE-SU-2016:2180

http://www.securityfocus.com/archive/1/539074/30/0/threaded
BUGTRAQ 20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html
SUSE SUSE-SU-2016:2181

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html
SUSE SUSE-SU-2016:2174

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html
SUSE SUSE-SU-2016:2178

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html
SUSE SUSE-SU-2016:2177

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html
SUSE SUSE-SU-2016:2175

- Metasploit Modules Related To CVE-2016-6480

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)