Published: 27/06/2016 Updated: 28/11/2016

CVSS v2 Base Score: 5.4 | Impact Score: 7.8 | Exploitability Score: 3.4

CVSS v3 Base Score: 6.3 | Impact Score: 5.2 | Exploitability Score: 1

VMScore: 481

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C

Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver in the Linux kernel prior to 4.6.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (memory corruption and system crash) by changing a certain header, aka a "double fetch" vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
linux linux kernel

Several security issues were fixed in the kernel ...

Race condition vulnerability was found in drivers/misc/mic/vop/vop_vringhc in the MIC VOP driver in the Linux kernel before 461 MIC VOP driver does two successive reads from user space to read a variable length data structure Local user can obtain sensitive information from kernel memory or can cause DoS by corrupting kernel memory if the data ...

CWE-119 https://github.com/torvalds/linux/commit/9bf292bfca94694a721449e3fd752493856710f6 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1 https://bugzilla.kernel.org/show_bug.cgi?id=116651 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9bf292bfca94694a721449e3fd752493856710f6 http://www.securityfocus.com/archive/1/538802/30/0/threaded http://www.debian.org/security/2016/dsa-3616 http://www.ubuntu.com/usn/USN-3070-2 http://www.ubuntu.com/usn/USN-3071-1 http://www.ubuntu.com/usn/USN-3070-1 http://www.ubuntu.com/usn/USN-3070-3 http://www.ubuntu.com/usn/USN-3070-4 http://www.ubuntu.com/usn/USN-3071-2 https://nvd.nist.gov https://usn.ubuntu.com/3071-2/

CVE-2016-5728

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect