Published: 06/08/2016 Updated: 05/01/2018

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 4.7 | Impact Score: 3.6 | Exploitability Score: 1

VMScore: 170

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel up to and including 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts CVE-2016-5696 Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V Krishnamurthy of the University of California, Riverside; and Lisa M Marvel of the United States Army Research L ...

Several security issues were fixed in the kernel ...

When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands ...

CWE-362 https://bugzilla.redhat.com/show_bug.cgi?id=1353533 https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c https://github.com/linux-audit/audit-kernel/issues/18 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c http://www.securityfocus.com/archive/1/538835/30/0/threaded https://bugzilla.kernel.org/show_bug.cgi?id=120681 https://source.android.com/security/bulletin/2016-11-01.html http://www.securityfocus.com/bid/91558 http://rhn.redhat.com/errata/RHSA-2017-0307.html http://rhn.redhat.com/errata/RHSA-2016-2584.html http://rhn.redhat.com/errata/RHSA-2016-2574.html https://access.redhat.com/errata/RHSA-2017:0307 https://nvd.nist.gov https://usn.ubuntu.com/3098-2/https://www.debian.org/security/./dsa-3659

CVE-2016-6136

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect