Vulnerability Details : CVE-2016-7914
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.
Published
2016-11-16 05:59:09
Updated
2018-01-05 02:31:16
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-7914
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less