Lucene search

[email protected]CVE-2016-2069

HistoryApr 27, 2016 - 5:59 p.m.

CVE-2016-2069

2016-04-2717:59:07

CWE-362

[email protected]

web.nvd.nist.gov

116

cve-2016-2069

race condition

linux kernel

privilege escalation

cpu access

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.6%

JSON

Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

Node

linuxlinux_kernelRange≤4.4

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71b3c126e61177eb693423f2e18a1914205b165e

lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html

lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

rhn.redhat.com/errata/RHSA-2016-2574.html

rhn.redhat.com/errata/RHSA-2016-2584.html

rhn.redhat.com/errata/RHSA-2017-0817.html

www.debian.org/security/2016/dsa-3503

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1

www.openwall.com/lists/oss-security/2016/01/25/1

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

www.securityfocus.com/bid/81809

www.ubuntu.com/usn/USN-2931-1

www.ubuntu.com/usn/USN-2932-1

www.ubuntu.com/usn/USN-2967-1

www.ubuntu.com/usn/USN-2967-2

www.ubuntu.com/usn/USN-2989-1

www.ubuntu.com/usn/USN-2998-1

bugzilla.redhat.com/show_bug.cgi?id=1301893

github.com/torvalds/linux/commit/71b3c126e61177eb693423f2e18a1914205b165e

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2016-2069

ubuntucve1 cvelist1 veracode1 nvd1 debiancve1 f51 prion1 nessus37 suse11 openvas28 ubuntu11 osv2 debian3 centos2 redhat3 virtuozzo2 oraclelinux3 ibm3