Vulnerability Details : CVE-2016-9754
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file.
Published
2017-01-05 11:59:00
Updated
2023-01-17 21:05:25
Vulnerability category: Overflow
Products affected by CVE-2016-9754
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*
Threat overview for CVE-2016-9754
Top countries where our scanners detected CVE-2016-9754
Top open port discovered on systems with this issue
49152
IPs affected by CVE-2016-9754 15,782
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-9754!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-9754
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9754
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-9754
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9754
-
https://source.android.com/security/bulletin/2017-01-01.html
Android Security Bulletin—January 2017 | Android Open Source ProjectThird Party Advisory
-
https://github.com/torvalds/linux/commit/59643d1535eb220668692a5359de22545af579f6
ring-buffer: Prevent overflow of size in ring_buffer_resize() · torvalds/linux@59643d1 · GitHubPatch;Vendor Advisory
-
http://www.securityfocus.com/bid/95278
Linux Kernel CVE-2016-9754 Local Integer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1
Release Notes
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6
kernel/git/torvalds/linux.git - Linux kernel source treeExploit;Patch;Vendor Advisory
Jump to