#VU358 Race condition in Oracle VM Server for x86 and Oracle Linux - CVE-2016-6136
Vulnerability identifier: #VU358
Vulnerability risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Oracle VM Server for x86
Server applications /
Other server solutions
Oracle Linux
Operating systems & Components /
Operating system
Vendor: Oracle
Description
The vulnerability allows local users to interrupt system-call auditing.
The vulnerability exists due to parafunction of audit_log_single_execve_arg. By altering "double fetch" vulnerability, a local user can bypass set limitations and interrupt system-call auditing.
Successful exploitation of this vulnerability will allow an attacker to interrupt system-call auditing and perform a race condition.
Vulnerable software versions
Oracle VM Server for x86: 3.2 - 3.4
Oracle Linux: 5 - 7
External links
https://www.securityfocus.com/archive/1/538835/30/0/threaded
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c
https://bugzilla.kernel.org/show_bug.cgi?id=120681
https://bugzilla.redhat.com/show_bug.cgi?id=1353533
https://github.com/linux-audit/audit-kernel/issues/18
https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c
https://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
