|
|
Subscribe / Log in / New account

kernel: two vulnerabilities

Package(s):kernel CVE #(s):CVE-2016-4569 CVE-2016-4558
Created:May 25, 2016 Updated:May 25, 2016
Description: From the Red Hat bugzilla:

CVE-2016-4569: A vulnerability was found in Linux kernel. There is an information leak in file sound/core/timer.c of the latest mainline Linux kernel, the stack object “tread” has a total size of 32 bytes. It contains a 8-bytes padding, which is not initialized but sent to user via copy_to_user, resulting a kernel leak.

CVE-2016-4558: A flaw was found in the Linux kernel's implementation of BPF in which systems with more than 32GB of physical memory and unlimited RLIMIT_MEMLOCK settings an application can overflow a 32 bit refcount.

Additionally in the same environment, malicious applications can overflow a map refcount on larger memory (1Tb). When the overflow wraps to zero a reference can be held while being free'd. This can lead to a use after free.

Alerts:
Red Hat RHSA-2016:2584-02 kernel-rt 2016-11-03
Red Hat RHSA-2016:2574-02 kernel 2016-11-03
openSUSE openSUSE-SU-2016:2290-1 kernel 2016-09-12
SUSE SUSE-SU-2016:2245-1 kernel 2016-09-06
openSUSE openSUSE-SU-2016:2184-1 kernel 2016-08-29
openSUSE openSUSE-SU-2016:2144-1 kernel 2016-08-24
SUSE SUSE-SU-2016:2105-1 the Linux Kernel 2016-08-19
SUSE SUSE-SU-2016:1985-1 kernel 2016-08-08
SUSE SUSE-SU-2016:1937-1 kernel 2016-08-02
SUSE SUSE-SU-2017:0333-1 kernel 2017-01-30
Ubuntu USN-3021-2 linux-ti-omap4 2016-06-27
Ubuntu USN-3016-3 linux-snapdragon 2016-06-27
Ubuntu USN-3017-2 linux-raspi2 2016-06-27
Ubuntu USN-3016-2 linux-raspi2 2016-06-27
Ubuntu USN-3016-4 linux-lts-xenial 2016-06-27
Ubuntu USN-3017-3 linux-lts-wily 2016-06-27
Ubuntu USN-3020-1 linux-lts-vivid 2016-06-27
Ubuntu USN-3019-1 linux-lts-utopic 2016-06-27
Ubuntu USN-3018-2 linux-lts-trusty 2016-06-27
Ubuntu USN-3021-1 kernel 2016-06-27
Ubuntu USN-3018-1 kernel 2016-06-27
Ubuntu USN-3017-1 kernel 2016-06-27
Ubuntu USN-3016-1 kernel 2016-06-27
SUSE SUSE-SU-2016:1690-1 kernel 2016-06-27
SUSE SUSE-SU-2016:1696-1 kernel 2016-06-28
Debian DSA-3607-1 kernel 2016-06-28
SUSE SUSE-SU-2016:1672-1 the Linux Kernel 2016-06-24
openSUSE openSUSE-SU-2016:1641-1 kernel 2016-06-21
Debian-LTS DLA-516-1 kernel 2016-06-17
Ubuntu USN-3007-1 linux-raspi2 2016-06-10
Ubuntu USN-3005-1 linux-lts-xenial 2016-06-10
Ubuntu USN-3006-1 kernel 2016-06-10
Fedora FEDORA-2016-06f1572324 kernel 2016-06-02
Fedora FEDORA-2016-84fdc82b74 kernel 2016-05-25
Scientific Linux SLSA-2016:2574-2 kernel 2016-12-14
Oracle ELSA-2016-3646 kernel 2.6.39 2016-11-21
Oracle ELSA-2016-3646 kernel 2.6.39 2016-11-21
Oracle ELSA-2016-3645 kernel 3.8.13 2016-11-21
Oracle ELSA-2016-3645 kernel 3.8.13 2016-11-21
Oracle ELSA-2016-3644 kernel 4.1.12 2016-11-21
Oracle ELSA-2016-3644 kernel 4.1.12 2016-11-21
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds