CVE-2016-4558

Published: 23/05/2016 Updated: 07/06/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The BPF subsystem in the Linux kernel prior to 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.

Vulnerable Product

linux linux kernel

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

Vendor Advisories

Debian Bug report logs - #823603 linux: CVE-2016-4557: [Local root exploit] Use after free via double-fdput in bpf. Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: <mike_b@tutanota.com>; Date: Fri, 6 May 2016 12:18:01 UTC; Severity: critical; Tags: securi ...
Several security issues were fixed in the kernel ...
The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area (CVE-2016-3961 / XSA-174). A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags ...
A flaw was found in the Linux kernel's implementation of BPF in which an application can overflow a 32-bit refcount in both the program and map refcount. This refcount can wrap and end up in a use-after-free ...

Exploits

Source: bugs.chromium.org/p/project-zero/issues/detail?id=809

Most things in the kernel use 32-bit reference counters, relying on the fact that the memory constraints of real computers make it impossible to create enough references to overflow the counters. There are exceptions for things like `struct file` because it is possible to create ...