CWE
362
Advisory Published

USN-2908-3: Linux kernel (Raspberry Pi 2) vulnerabilities

First published: Mon Feb 22 2016(Updated: )

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount, incorrectly propagated file attributes, including setuid. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1576) halfdog discovered that OverlayFS in the Linux kernel incorrectly propagated security sensitive extended attributes, such as POSIX ACLs. A local unprivileged attacker could use this to gain privileges. (CVE-2016-1575) It was discovered that the Linux kernel did not properly enforce rlimits for file descriptors sent over UNIX domain sockets. A local attacker could use this to cause a denial of service. (CVE-2013-4312) It was discovered that the Linux kernel's Filesystem in Userspace (FUSE) implementation did not handle initial zero length segments properly. A local attacker could use this to cause a denial of service (unkillable task). (CVE-2015-8785) Andy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)

Affected SoftwareAffected VersionHow to fix
All of
ubuntu/linux-image-4.2.0-1025-raspi2<4.2.0-1025.32
4.2.0-1025.32
=15.10

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the vulnerability ID for this Linux kernel vulnerability?

    The vulnerability ID for this Linux kernel vulnerability is CVE-2016-1576.

  • What is the impact of CVE-2016-1576?

    CVE-2016-1576 allows a local unprivileged attacker to gain privileges.

  • How can an attacker exploit CVE-2016-1576?

    An attacker can exploit CVE-2016-1576 by leveraging OverlayFS when mounting on top of a FUSE mount incorrectly propagated file attributes, including setuid.

  • Is there a fix available for this vulnerability?

    Yes, there is a fix available for this vulnerability in the Linux kernel version 4.2.0-1025.32 (linux-image-4.2.0-1025-raspi2 package).

  • What is the severity of CVE-2016-1576?

    The severity of CVE-2016-1576 is high.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203