CVE-2016-7916 : Race condition in the environ_read function in fs/proc/base.c in the Linux kerne

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.

Published 2016-11-16 05:59:11

Updated 2025-04-12 10:46:41

Source Android (associated with Google Inc. or Open Handset Alliance)

View at NVD, CVE.org

Products affected by CVE-2016-7916

Linux » Linux Kernel
Versions up to, including, (<=) 4.5.3
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-7916

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 14 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-7916

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.7	MEDIUM	AV:L/AC:M/Au:N/C:C/I:N/A:N	3.4	6.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2016-7916

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-7916

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3

kernel/git/torvalds/linux.git - Linux kernel source tree
Issue Tracking;Patch;Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4

Release Notes;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/94138

Linux Kernel Multiple Information Disclosure Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3

proc: prevent accessing /proc/<PID>/environ until it's ready · torvalds/linux@8148a73 · GitHub
Issue Tracking;Patch;Third Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=116461

116461 – PAX: size overflow in function environ_read fs/proc/base.c
Issue Tracking
http://source.android.com/security/bulletin/2016-11-01.html

Android Security Bulletin—November 2016 | Android Open Source Project
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3159-1

USN-3159-1: Linux kernel vulnerability | Ubuntu security notices
https://forums.grsecurity.net/viewtopic.php?f=3&t=4363

grsecurity forums • View topic - PAX: size overflow in function environ_read fs/proc/base.c
Issue Tracking
http://www.ubuntu.com/usn/USN-3159-2

USN-3159-2: Linux kernel (OMAP4) vulnerability | Ubuntu security notices

Jump to

Vulnerability Details : CVE-2016-7916

Products affected by CVE-2016-7916

Exploit prediction scoring system (EPSS) score for CVE-2016-7916

CVSS scores for CVE-2016-7916

CWE ids for CVE-2016-7916

References for CVE-2016-7916