Denial of service in Oracle products - CVE-2016-6327
Published: October 17, 2016 / Updated: January 11, 2017
Vulnerability identifier: #VU1013
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6327
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Oracle
Affected software:
Linux kernel
Oracle Linux
Oracle VM Server for x86
Detailed vulnerability description
The vulnerability allows a local user to cause DoS conditions on the target system.
The weakness is in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command, an attacker can abort a device write operation, which leads to a NULL pointer dereference and a system crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
How to mitigate CVE-2016-6327
Update to version 4.5.1.