Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2016-1583

Disclosure Date: June 27, 2016
CVE-2016-1583 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • linux,
  • novell

Products

  • debian linux 8.0,
  • linux kernel,
  • suse linux enterprise debuginfo 11.0,
  • suse linux enterprise desktop 12.0,
  • suse linux enterprise live patching 12.0,
  • suse linux enterprise module for public cloud 12,
  • suse linux enterprise server 11.0,
  • suse linux enterprise server 12.0,
  • suse linux enterprise software development kit 11.0,
  • suse linux enterprise software development kit 12.0,
  • suse linux enterprise workstation extension 12.0,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 15.10,
  • ubuntu linux 16.04

References

Canonical
CVE-2016-1583 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1583)
BID-91157 (http://www.securityfocus.com/bid/91157)
Advisory
USN-3006-1 (http://www.ubuntu.com/usn/USN-3006-1)
USN-3004-1 (http://www.ubuntu.com/usn/USN-3004-1)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
http://rhn.redhat.com/errata/RHSA-2016-2766.html
USN-3001-1 (http://www.ubuntu.com/usn/USN-3001-1)
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
EXPLOIT-DB-39992 (https://www.exploit-db.com/exploits/39992)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
USN-3005-1 (http://www.ubuntu.com/usn/USN-3005-1)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
USN-2999-1 (http://www.ubuntu.com/usn/USN-2999-1)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=2f36db71009304b3f0b95afacd8eba1f9f046b87
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
[oss-security] 20160610 [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ (http://www.openwall.com/lists/oss-security/2016/06/10/8)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
USN-2997-1 (http://www.ubuntu.com/usn/USN-2997-1)
USN-3000-1 (http://www.ubuntu.com/usn/USN-3000-1)
DSA-3607 (http://www.debian.org/security/2016/dsa-3607)
SECTRACK-1036763 (http://www.securitytracker.com/id/1036763)
https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87
USN-3002-1 (http://www.ubuntu.com/usn/USN-3002-1)
USN-2996-1 (http://www.ubuntu.com/usn/USN-2996-1)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html
https://access.redhat.com/errata/RHSA-2017:2760
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
USN-3007-1 (http://www.ubuntu.com/usn/USN-3007-1)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
http://rhn.redhat.com/errata/RHSA-2016-2124.html
USN-3003-1 (http://www.ubuntu.com/usn/USN-3003-1)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
[oss-security] 20160622 Re: [vs-plain] Linux kernel stack overflow via ecryptfs and /proc/$pid/environ (http://www.openwall.com/lists/oss-security/2016/06/22/1)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
https://bugzilla.redhat.com/show_bug.cgi?id=1344721
USN-2998-1 (http://www.ubuntu.com/usn/USN-2998-1)
USN-3008-1 (http://www.ubuntu.com/usn/USN-3008-1)
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
Miscellaneous
https://bugs.chromium.org/p/project-zero/issues/detail?id=836
https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b
http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis