Fedora 22 update for kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2016-3961 CVE-2016-3955 CVE-2016-3672 CVE-2015-8839 CVE-2016-3951 |
| CWE-ID | CWE-20 CWE-125 CWE-400 CWE-362 CWE-415 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Fedora Operating systems & Components / Operating system kernel Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU33074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3961
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.4.8-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU90378
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-3955
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the usbip_recv_xbuff() function in drivers/usb/usbip/usbip_common.c. A remote non-authenticated attacker can execute arbitrary code.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.4.8-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU12259
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2016-3672
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists in the arch_pick_mmap_layout function in arch/x86/mm/mmap.c due to improper randomizing of the legacy base address. A local attacker can disable stack-consumption resource limits, defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag and bypass the ASLR protection mechanism for a setuid or setgid program.
Install updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.4.8-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Race condition
EUVDB-ID: #VU91494
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2015-8839
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the init_once() function in fs/ext4/super.c, within the ext4_punch_hole(), ext4_setattr(), ext4_page_mkwrite() and block_page_mkwrite_return() functions in fs/ext4/inode.c, within the ext4_dax_fault() and ext4_dax_pmd_fault() functions in fs/ext4/file.c, within the ext4_zero_range(), ext4_collapse_range() and ext4_insert_range() functions in fs/ext4/extents.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.4.8-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Double free
EUVDB-ID: #VU90904
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2016-3951
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the drivers/net/usb/usbnet.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 22
kernel: before 4.4.8-200.fc22
CPE2.3 External linkshttps://bodhi.fedoraproject.org/updates/FEDORA-2016-373c063e79
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
