CVE-2016-4565
First published: Mon Feb 22 2016(Updated: )
It was reported that drivers/infiniband stack uses write() as a replacement for bi-directional ioctl(), which is not safe. There are ways to trigger write calls that result in the return structure that is normally written to user space being shunted off to user specified kernel memory instead. A local unprivileged user on a system with rdma_ucm module loaded could use this flaw to escalate their privileges. Upstream patch: <a href="https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3">https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3</a> CVE-ID request and assignment: <a href="http://seclists.org/oss-sec/2016/q2/269">http://seclists.org/oss-sec/2016/q2/269</a> <a href="http://seclists.org/oss-sec/2016/q2/274">http://seclists.org/oss-sec/2016/q2/274</a>
Credit: security@debian.org security@debian.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | <3.2.81 | |
| Linux Linux kernel | >=3.3<3.10.103 | |
| Linux Linux kernel | >=3.11<3.12.61 | |
| Linux Linux kernel | >=3.13<3.14.76 | |
| Linux Linux kernel | >=3.15<3.16.36 | |
| Linux Linux kernel | >=3.17<3.18.34 | |
| Linux Linux kernel | >=3.19<4.1.25 | |
| Linux Linux kernel | >=4.2<4.4.9 | |
| Linux Linux kernel | >=4.5<4.5.3 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =15.10 | |
| Canonical Ubuntu Linux | =16.04 | |
| Debian Debian Linux | =8.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
- http://rhn.redhat.com/errata/RHSA-2016-1489.html
- http://rhn.redhat.com/errata/RHSA-2016-1581.html
- http://rhn.redhat.com/errata/RHSA-2016-1617.html
- http://rhn.redhat.com/errata/RHSA-2016-1640.html
- http://rhn.redhat.com/errata/RHSA-2016-1657.html
- http://rhn.redhat.com/errata/RHSA-2016-1814.html
- http://www.debian.org/security/2016/dsa-3607
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.3
- http://www.openwall.com/lists/oss-security/2016/05/07/1
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/90301
- http://www.ubuntu.com/usn/USN-3001-1
- http://www.ubuntu.com/usn/USN-3002-1
- http://www.ubuntu.com/usn/USN-3003-1
- http://www.ubuntu.com/usn/USN-3004-1
- http://www.ubuntu.com/usn/USN-3005-1
- http://www.ubuntu.com/usn/USN-3006-1
- http://www.ubuntu.com/usn/USN-3007-1
- http://www.ubuntu.com/usn/USN-3018-1
- http://www.ubuntu.com/usn/USN-3018-2
- http://www.ubuntu.com/usn/USN-3019-1
- http://www.ubuntu.com/usn/USN-3021-1
- http://www.ubuntu.com/usn/USN-3021-2
- https://access.redhat.com/errata/RHSA-2016:1277
- https://access.redhat.com/errata/RHSA-2016:1301
- https://access.redhat.com/errata/RHSA-2016:1341
- https://access.redhat.com/errata/RHSA-2016:1406
- https://bugzilla.redhat.com/show_bug.cgi?id=1310570
- https://github.com/torvalds/linux/commit/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- https://launchpad.net/bugs/cve/CVE-2016-4565
- https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- http://seclists.org/oss-sec/2016/q2/269
- http://seclists.org/oss-sec/2016/q2/274
- https://access.redhat.com/security/cve/CVE-2016-2189
- https://access.redhat.com/security/cve/CVE-2016-4565
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1334217
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1310570#c5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1336754
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1310570#c17
- https://www.redhat.com/en/services/support
- https://rhn.redhat.com/errata/RHSA-2016-1489.html
- https://rhn.redhat.com/errata/RHSA-2016-1581.html
- https://rhn.redhat.com/errata/RHSA-2016-1617.html
- https://rhn.redhat.com/errata/RHSA-2016-1640.html
- https://rhn.redhat.com/errata/RHSA-2016-1657.html
- https://rhn.redhat.com/errata/RHSA-2016-1814.html
- https://security-tracker.debian.org/tracker/CVE-2016-4565
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4565
- https://nvd.nist.gov/vuln/detail/CVE-2016-4565
- https://ubuntu.com/security/CVE-2016-4565
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2016-4565.
What is the affected software?
The affected software is the InfiniBand (aka IB) stack in the Linux kernel before 4.5.3.
What is the severity of CVE-2016-4565?
The severity of CVE-2016-4565 is high.
How can local users exploit this vulnerability?
Local users can exploit this vulnerability by causing a denial of service (kernel memory write operation) or possibly having unspecified other impact via a uAPI interface.
How can I fix CVE-2016-4565?
To fix CVE-2016-4565, update the Linux kernel to version 4.5.3 or later.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-4565
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/3.3
- version/linux linux kernel/3.11
- version/linux linux kernel/3.13
- version/linux linux kernel/3.15
- version/linux linux kernel/3.17
- version/linux linux kernel/3.19
- version/linux linux kernel/4.2
- version/linux linux kernel/4.5
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/15.10
- version/canonical ubuntu linux/16.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- package-manager/debian