Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2016-4565

Published: 23/05/2016 Updated: 17/01/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux Kernel

Vulnerability Summary

The InfiniBand (aka IB) stack in the Linux kernel prior to 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: linux: CVE-2016-4557: [Local root exploit] Use after free via double-fdput in bpf
Debian Bug report logs - #823603 linux: CVE-2016-4557: [Local root exploit] Use after free via double-fdput in bpf Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: <mike_b@tutanotacom> Date: Fri, 6 May 2016 12:18:01 UTC Severity: critical Tags: securi ...
Debian Security Advisories: DSA-3607-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Sec ...
Amazon Linux AMI: ALAS-2016-703
The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area (CVE-2016-3961 / XSA-174) A flaw was found in the way the Linux kernel's ASN1 DER decoder processed certain certificate files with tags ...
Red Hat: CVE-2016-4565
A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Conne ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-xenial vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-vivid vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-wily vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-utopic vulnerabilities
Several security issues were fixed in the kernel ...

References

CWE-264https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3http://www.openwall.com/lists/oss-security/2016/05/07/1http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3https://bugzilla.redhat.com/show_bug.cgi?id=1310570http://www.ubuntu.com/usn/USN-3018-1http://www.ubuntu.com/usn/USN-3019-1http://www.ubuntu.com/usn/USN-3018-2https://access.redhat.com/errata/RHSA-2016:1341https://access.redhat.com/errata/RHSA-2016:1277https://access.redhat.com/errata/RHSA-2016:1301http://www.ubuntu.com/usn/USN-3002-1http://www.ubuntu.com/usn/USN-3001-1http://www.ubuntu.com/usn/USN-3004-1http://www.ubuntu.com/usn/USN-3003-1http://www.ubuntu.com/usn/USN-3021-1http://www.ubuntu.com/usn/USN-3005-1http://www.ubuntu.com/usn/USN-3021-2http://www.ubuntu.com/usn/USN-3007-1http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.htmlhttp://www.ubuntu.com/usn/USN-3006-1http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.htmlhttp://www.securityfocus.com/bid/90301http://www.debian.org/security/2016/dsa-3607http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1617.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1581.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1657.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1489.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1640.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlhttp://rhn.redhat.com/errata/RHSA-2016-1814.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.htmlhttps://access.redhat.com/errata/RHSA-2016:1406https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823603https://usn.ubuntu.com/3018-2/https://www.debian.org/security/./dsa-3607
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook