7.8
CWE
416
Advisory Published
CVE Published
Updated

CVE-2016-4805: Use After Free

First published: Fri May 13 2016(Updated: )

A use after free vulnerability was found in ppp_unregister_channel function. This is triggered when network namespace is removed while ppp_async channel is still registered in it and ppp_unregister_channel() tries to access its per-netns data in the defunct namespace. An attacker who could control this memory that is being used in the defunct namespace could create a denial of service by spinlocking a CPU. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. Upstream patch: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89</a> CVE request: <a href="http://seclists.org/oss-sec/2016/q2/319">http://seclists.org/oss-sec/2016/q2/319</a>

Credit: cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Novell Suse Linux Enterprise Desktop=12.0
Novell Suse Linux Enterprise Workstation Extension=12.0
Google Android=12.0
Novell Suse Linux Enterprise Server=11.0-sp4
Novell Opensuse Leap=42.1
Novell Suse Linux Enterprise Software Development Kit=11.0-sp4
Redhat Enterprise Linux=6.0
Canonical Ubuntu Linux=12.04
Linux Linux kernel>=2.6.30<3.2.80
Linux Linux kernel>=3.3<3.10.102
Linux Linux kernel>=3.11<3.12.59
Linux Linux kernel>=3.13<3.14.67
Linux Linux kernel>=3.15<3.16.35
Linux Linux kernel>=3.17<3.18.37
Linux Linux kernel>=3.19<4.1.28
Linux Linux kernel>=4.2<4.4.8
Linux Linux kernel>=4.5<4.5.2
Novell Suse Linux Enterprise Software Development Kit=12.0
Novell Suse Linux Enterprise Workstation Extension=12.0-sp1
Novell Suse Linux Enterprise Server=12.0
Novell Suse Linux Enterprise Desktop=12.0-sp1
Redhat Enterprise Linux=7.0
Oracle Linux=6
Novell Suse Linux Enterprise Real Time Extension=11.0-sp4
Novell Suse Linux Enterprise Server=12.0-sp1
Novell Suse Linux Enterprise Real Time Extension=12.0-sp1
Novell Suse Linux Enterprise Software Development Kit=12.0-sp1
Novell Suse Linux Enterprise Live Patching=12.0
Novell Suse Linux Enterprise Module For Public Cloud=12.0
debian/linux
5.10.223-1
5.10.226-1
6.1.115-1
6.1.119-1
6.11.10-1
6.12.5-1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this use-after-free vulnerability?

    CVE-2016-4805

  • What is the severity level of CVE-2016-4805?

    The severity level of CVE-2016-4805 is low.

  • How can the use-after-free vulnerability in Linux kernel before 4.5.2 impact my system?

    The use-after-free vulnerability can cause a denial of service (memory corruption and system crash) or possibly have other unspecified impacts.

  • Is there a fix available for CVE-2016-4805?

    Yes, upgrading to Linux kernel version 4.5.2 or later can fix the vulnerability.

  • Where can I find more information about CVE-2016-4805?

    You can find more information about CVE-2016-4805 in the references: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89, http://seclists.org/oss-sec/2016/q2/319, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335804.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203