Published: 06/08/2016 Updated: 28/11/2016

CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4

CVSS v3 Base Score: 5.1 | Impact Score: 3.6 | Exploitability Score: 1.4

VMScore: 169

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:P

Race condition in the ec_device_ioctl_xcmd function in drivers/platform/chrome/cros_ec_dev.c in the Linux kernel prior to 4.7 allows local users to cause a denial of service (out-of-bounds array access) by changing a certain size value, aka a "double fetch" vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Several security issues were fixed in the kernel ...

A timing flaw was found in the Chrome EC driver in the Linux kernel An attacker could abuse timing to skip validation checks to copy additional data from userspace possibly increasing privilege or crashing the system ...

CWE-362 https://bugzilla.redhat.com/show_bug.cgi?id=1353490 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096cdc6f52225835ff503f987a0d68ef770bb78e https://bugzilla.kernel.org/show_bug.cgi?id=120131 http://seclists.org/bugtraq/2016/Jul/20 https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e http://www.securityfocus.com/bid/91553 https://nvd.nist.gov https://usn.ubuntu.com/3084-1/

CVE-2016-6156

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect