First published: Tue Jul 12 2016(Updated: )
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Oracle Linux | =6 | |
Linux Linux kernel | <=4.5.7 | |
Oracle VM Server | =3.4 | |
debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.12.5-1 6.12.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2016-6197.
The severity of CVE-2016-6197 is medium.
Linux kernel versions before 4.6 are affected by CVE-2016-6197.
Local users can exploit CVE-2016-6197 by using a rename system call that triggers a denial of service, causing a system crash.
Yes, a fix for CVE-2016-6197 is available in Linux kernel version 4.6 and later.