REDHAT-BUG-1310570
First published: Mon Feb 22 2016(Updated: )
It was reported that drivers/infiniband stack uses write() as a replacement for bi-directional ioctl(), which is not safe. There are ways to trigger write calls that result in the return structure that is normally written to user space being shunted off to user specified kernel memory instead. A local unprivileged user on a system with rdma_ucm module loaded could use this flaw to escalate their privileges. Upstream patch: <a href="https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3">https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3</a> CVE-ID request and assignment: <a href="http://seclists.org/oss-sec/2016/q2/269">http://seclists.org/oss-sec/2016/q2/269</a> <a href="http://seclists.org/oss-sec/2016/q2/274">http://seclists.org/oss-sec/2016/q2/274</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3
- http://seclists.org/oss-sec/2016/q2/269
- http://seclists.org/oss-sec/2016/q2/274
- https://access.redhat.com/security/cve/CVE-2016-2189
- https://access.redhat.com/security/cve/CVE-2016-4565
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1334217
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1310570#c5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1336754
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1310570#c17
- https://www.redhat.com/en/services/support
- https://access.redhat.com/errata/RHSA-2016:1277
- https://access.redhat.com/errata/RHSA-2016:1301
- https://access.redhat.com/errata/RHSA-2016:1341
- https://access.redhat.com/errata/RHSA-2016:1406
- https://rhn.redhat.com/errata/RHSA-2016-1489.html
- https://rhn.redhat.com/errata/RHSA-2016-1581.html
- https://rhn.redhat.com/errata/RHSA-2016-1617.html
- https://rhn.redhat.com/errata/RHSA-2016-1640.html
- https://rhn.redhat.com/errata/RHSA-2016-1657.html
- https://rhn.redhat.com/errata/RHSA-2016-1814.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1310570
Frequently Asked Questions
What is the severity of REDHAT-BUG-1310570?
The severity of REDHAT-BUG-1310570 is considered high due to potential arbitrary memory access risks.
How do I fix REDHAT-BUG-1310570?
To fix REDHAT-BUG-1310570, update to the latest patched version of the affected Linux kernel.
What systems are affected by REDHAT-BUG-1310570?
REDHAT-BUG-1310570 affects systems running the vulnerable versions of the Linux kernel utilizing the infiniband stack.
What are the potential impacts of exploiting REDHAT-BUG-1310570?
Exploiting REDHAT-BUG-1310570 can lead to unauthorized access to kernel memory and potential system compromise.
How can I determine if my system is vulnerable to REDHAT-BUG-1310570?
You can determine if your system is vulnerable to REDHAT-BUG-1310570 by checking your kernel version against the known vulnerable versions.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-4565
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/linux kernel
- canonical/linux kernel