First published: Fri May 13 2016
A use-after-free vulnerability was found in the ppp_unregister_channel() function. It is triggered when a network namespace is removed while a ppp_async channel is still registered in it, and ppp_unregister_channel() then tries to access its per-netns data in the defunct namespace. An attacker who could control the memory being used in the defunct namespace could create a denial of service by spinlocking a CPU. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.

Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89

CVE request: http://seclists.org/oss-sec/2016/q2/319
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Novell Suse Linux Enterprise Desktop | =12.0 | |
Novell Suse Linux Enterprise Workstation Extension | =12.0 | |
Google Android | =12.0 | |
Novell Suse Linux Enterprise Server | =11.0-sp4 | |
Novell Opensuse Leap | =42.1 | |
Novell Suse Linux Enterprise Software Development Kit | =11.0-sp4 | |
Redhat Enterprise Linux | =6.0 | |
Canonical Ubuntu Linux | =12.04 | |
Linux Linux kernel | >=2.6.30<3.2.80 | |
Linux Linux kernel | >=3.3<3.10.102 | |
Linux Linux kernel | >=3.11<3.12.59 | |
Linux Linux kernel | >=3.13<3.14.67 | |
Linux Linux kernel | >=3.15<3.16.35 | |
Linux Linux kernel | >=3.17<3.18.37 | |
Linux Linux kernel | >=3.19<4.1.28 | |
Linux Linux kernel | >=4.2<4.4.8 | |
Linux Linux kernel | >=4.5<4.5.2 | |
Novell Suse Linux Enterprise Software Development Kit | =12.0 | |
Novell Suse Linux Enterprise Workstation Extension | =12.0-sp1 | |
Novell Suse Linux Enterprise Server | =12.0 | |
Novell Suse Linux Enterprise Desktop | =12.0-sp1 | |
Redhat Enterprise Linux | =7.0 | |
Oracle Linux | =6 | |
Novell Suse Linux Enterprise Real Time Extension | =11.0-sp4 | |
Novell Suse Linux Enterprise Server | =12.0-sp1 | |
Novell Suse Linux Enterprise Real Time Extension | =12.0-sp1 | |
Novell Suse Linux Enterprise Software Development Kit | =12.0-sp1 | |
Novell Suse Linux Enterprise Live Patching | =12.0 | |
Novell Suse Linux Enterprise Module For Public Cloud | =12.0 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
CVE-2016-4805
The severity level of CVE-2016-4805 is low.
The use-after-free vulnerability can cause a denial of service (memory corruption and system crash) or possibly have other unspecified impacts.
Yes, upgrading to Linux kernel version 4.5.2 or later can fix the vulnerability.
You can find more information about CVE-2016-4805 in the references: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89, http://seclists.org/oss-sec/2016/q2/319, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1335804.
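
To triage hosts against the upstream kernel ranges listed in the table above, the following added example (not part of the original advisory) compares a `uname -r` string with those ranges. The function names are hypothetical, and the check assumes upstream version numbering: distribution kernels often backport fixes without changing the base version, so a match here means "check the vendor advisory", not "confirmed vulnerable".

```python
import platform
import re

# Affected upstream ranges copied from the table above:
# (first affected version, first fixed version), upper bound exclusive.
AFFECTED_RANGES = [
    ((2, 6, 30), (3, 2, 80)),
    ((3, 3, 0), (3, 10, 102)),
    ((3, 11, 0), (3, 12, 59)),
    ((3, 13, 0), (3, 14, 67)),
    ((3, 15, 0), (3, 16, 35)),
    ((3, 17, 0), (3, 18, 37)),
    ((3, 19, 0), (4, 1, 28)),
    ((4, 2, 0), (4, 4, 8)),
    ((4, 5, 0), (4, 5, 2)),
]


def parse_kernel_version(release):
    """Turn a `uname -r` style string into a (major, minor, patch) tuple.

    Anything after the third numeric component (for example
    "-642.el6.x86_64" or "-21-generic") is ignored; a missing patch
    level is treated as 0.
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(part) if part else 0 for part in m.groups())


def in_affected_range(release):
    """Return True if the release falls inside any affected upstream range."""
    version = parse_kernel_version(release)
    return any(low <= version < high for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    running = platform.release()
    if in_affected_range(running):
        print(running, "is inside an affected upstream range for CVE-2016-4805;"
              " confirm against the vendor's fixed package version")
    else:
        print(running, "is outside the affected upstream ranges for CVE-2016-4805")
```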