Main Vulnerability Database SB2016111104

SB2016111104 - Ubuntu update for Linux kernel (Qualcomm Snapdragon)

Published: November 11, 2016

Security Bulletin ID SB2016111104

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Denial of service (CVE-ID: CVE-2016-7042)

CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to cause DoS conditions on the target system.
The weakness exists due to using of incorrect buffer size for certain timeout data by the proc_keys_show function in security/keys/proc.c while enabling of GNU Compiler Collection (gcc) stack protector. By reading the /proc/keys file attackers can trigger stack memory corruption.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.

Remediation

Install update from vendor's website.

References

http://www.ubuntu.com/usn/usn-3128-3/