Published: 27/04/2016 Updated: 12/09/2023

CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 6.2 | Impact Score: 3.6 | Exploitability Score: 2.5

VMScore: 436

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

fs/pipe.c in the Linux kernel prior to 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
novell suse linux enterprise module for public cloud 12.0
novell suse linux enterprise server 11.0
novell suse linux enterprise server 12.0
novell suse linux enterprise live patching 12.0
novell suse linux enterprise real time extension 11.0
novell suse linux enterprise desktop 12.0
novell suse linux enterprise real time extension 12.0
novell suse linux enterprise workstation extension 12.0
novell suse linux enterprise debuginfo 11.0
novell suse linux enterprise software development kit 11.0
novell suse linux enterprise software development kit 12.0

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 72 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

When running as a Xen 64-bit PV guest, user mode processes not supposed to be able to access I/O ports may be granted such permission, potentially resulting in one or more of in-guest privilege escalation, guest crashes (Denial of Service), or in-guest information leaks (CVE-2016-3157) In some cases, the kernel did not correctly fix backward jumps ...

It is possible for a single process to cause an OOM condition by filling large pipes with data that are never read A typical process filling 4096 pipes with 1 MB of data will use 4 GB of memory and there can be multiple such processes, up to a per-user-limit ...

Several security issues were fixed in the kernel ...

USN 2948-1 introduced a regression in the Ubuntu 1410 Linux kernel backported to Ubuntu 1404 LTS ...

Several security issues were fixed in the kernel ...

Ubuntu plugs code exec, DoS Linux kernel holes

The Register • Team Register • 07 Apr 2016

This is kind of a big deal because the mess is in 14.04 LTS, expiry date 2019

Ubuntu has patched four Linux kernel vulnerabilities that allowed for arbitrary code execution and denial of service attacjs. The flaws (CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847) is fixed in Ubuntu 14.04 LTS. Researcher Venkatesh Pottem found a use-after-free vulnerability in the Linux kernel CXGB3 driver which local hackers could use to trigger a crash or execute arbitrary code. Xiaofei Rex Guo reported a second timing side channel vulnerability in the Linux Extended Verificat...

CWE-399 https://bugzilla.redhat.com/show_bug.cgi?id=1313428 http://www.openwall.com/lists/oss-security/2016/03/01/3 https://github.com/torvalds/linux/commit/759c01142a5d0f364a462346168a56de28a80f52 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html http://www.securityfocus.com/bid/83870 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html http://www.debian.org/security/2016/dsa-3503 http://www.ubuntu.com/usn/USN-2967-1 http://www.ubuntu.com/usn/USN-2967-2 http://www.ubuntu.com/usn/USN-2946-2 http://www.ubuntu.com/usn/USN-2947-3 http://www.ubuntu.com/usn/USN-2948-2 http://www.ubuntu.com/usn/USN-2947-1 http://www.ubuntu.com/usn/USN-2949-1 http://www.ubuntu.com/usn/USN-2947-2 http://www.ubuntu.com/usn/USN-2946-1 http://www.ubuntu.com/usn/USN-2948-1 http://rhn.redhat.com/errata/RHSA-2017-0217.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://rhn.redhat.com/errata/RHSA-2016-2574.html https://access.redhat.com/errata/RHSA-2017:0217 https://nvd.nist.gov https://usn.ubuntu.com/2949-1/https://alas.aws.amazon.com/ALAS-2016-669.html

CVE-2016-2847

Vulnerability Summary

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect