Race condition in Linux kernel - CVE-2016-10906
Published: August 19, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30816
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-10906
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local authenticated user to execute arbitrary code.
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
How to mitigate CVE-2016-10906
Install update from vendor's website.
Sources
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c278c253f3d992c6994d08aa0efb2b6806ca396f
- https://seclists.org/bugtraq/2019/Nov/11
- https://support.f5.com/csp/article/K01993501?utm_source=f5support&utm_medium=RSS
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/