what you don't know can hurt you
Showing 1 - 3 of 3 RSS Feed

CVE-2016-9644

Status Candidate

Overview

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.

Related Files

Ubuntu Security Notice USN-3161-4
Posted Dec 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3161-4 - Tilman Schmidt and Sasha Levin discovered a use-after-free condition in the TTY implementation in the Linux kernel. A local attacker could use this to expose sensitive information. It was discovered that the Video For Linux Two implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-8964, CVE-2016-4568, CVE-2016-6213, CVE-2016-7097, CVE-2016-7425, CVE-2016-8630, CVE-2016-8633, CVE-2016-8645, CVE-2016-8658, CVE-2016-9555, CVE-2016-9644
MD5 | 6e14161cd73c168795efc26ed7993e4a
Ubuntu Security Notice USN-3146-2
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-2 - USN-3146-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
MD5 | 097cc04c8dec8f47a6f9e994ad83f1d2
Ubuntu Security Notice USN-3146-1
Posted Nov 30, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3146-1 - It was discovered that the __get_user_asm_ex implementation in the Linux kernel for x86/x86_64 contained extended asm statements that were incompatible with the exception table. A local attacker could use this to gain administrative privileges. Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. Various other issues were also addressed.

tags | advisory, x86, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-7097, CVE-2016-7425, CVE-2016-8658, CVE-2016-9644
MD5 | 5db8f822195c3e9c1e40863156b060b3
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close