First published: Fri May 06 2016(Updated: )
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =15.10 | |
Canonical Ubuntu Linux | =16.04 | |
Linux Linux kernel | <=4.5.3 | |
Oracle Linux | =6 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2016-4581.
The severity of CVE-2016-4581 is medium.
The affected software versions include Linux kernel 3.13.0-87.133, 4.2.0-38.45, 4.4.0-24.43, and 4.6~.
To fix CVE-2016-4581, update your Linux kernel to version 4.5.4 or later.
You can find more information about CVE-2016-4581 in the references: [1](https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5ec0811d30378ae104f250bfc9b3640242d81e3f), [2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1333713), [3](http://seclists.org/oss-sec/2016/q2/313).