Vulnerability Details : CVE-2016-6197
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
Vulnerability category: Denial of service
Products affected by CVE-2016-6197
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6197
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6197
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-6197
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6197
-
http://rhn.redhat.com/errata/RHSA-2016-1875.html
RHSA-2016:1875 - Security Advisory - Red Hat Customer Portal
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=11f3710417d026ea2f4fcf362d866342c5274185
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch
-
http://www.ubuntu.com/usn/USN-3070-1
USN-3070-1: Linux kernel vulnerabilities | Ubuntu security notices
-
http://www.openwall.com/lists/oss-security/2016/07/11/8
oss-security - Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernelMailing List;Third Party Advisory
-
http://www.securitytracker.com/id/1036273
Linux Kernel xfsoverlay Rename Bugs Let Local Users Cause Denial of Service Conditions on the Target System - SecurityTracker
-
http://www.ubuntu.com/usn/USN-3070-4
USN-3070-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices
-
http://www.ubuntu.com/usn/USN-3070-2
USN-3070-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices
-
http://rhn.redhat.com/errata/RHSA-2016-1847.html
RHSA-2016:1847 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-3070-3
USN-3070-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu security notices
-
https://github.com/torvalds/linux/commit/11f3710417d026ea2f4fcf362d866342c5274185
ovl: verify upper dentry before unlink and rename · torvalds/linux@11f3710 · GitHubIssue Tracking;Patch
-
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Oracle VM Server for x86 Bulletin - July 2016Vendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1355650
1355650 – (CVE-2016-6197) CVE-2016-6197 kernel: overlayfs: missing upper dentry verification before unlink and renameIssue Tracking
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Oracle Linux Bulletin - July 2016Third Party Advisory
-
http://www.securityfocus.com/bid/91709
Linux Kernel Multiple Denial of Service Vulnerabilities
Jump to