| Revision Date: | 2016-05-23 | Version: | 1 | | Title: | CVE-2016-4951 on Ubuntu 14.04 LTS (trusty) - low. | | Description: | The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux kernel through 4.6 does not verify socket existence, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a dumpit operation. Baozeng Ding discovered that the Transparent Inter-process Communication (TIPC) implementation in the Linux kernel did not verify socket existence before use in some situations. A local attacker could use this to cause a denial of service (system crash).
| | Family: | unix | Class: | vulnerability | | Status: | | Reference(s): | CVE-2016-4951
| | Platform(s): | Ubuntu 14.04 LTS
| Product(s): | | | Definition Synopsis | | Ubuntu 14.04 LTS (trusty) is installed. AND Package Information
NOT While related to the CVE in some way, the 'linux' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'linux-aws' package in trusty is not affected (note: '4.4.0-1002.2').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR NOT While related to the CVE in some way, the 'linux-lts-utopic' package in trusty is not affected.
OR The 'linux-lts-vivid' package in trusty was vulnerable but has been fixed (note: '3.19.0-64.72~14.04.1').
OR The 'linux-lts-wily' package in trusty was vulnerable but has been fixed (note: '4.2.0-41.48~14.04.1').
OR The 'linux-lts-xenial' package in trusty was vulnerable but has been fixed (note: '4.4.0-28.47~14.04.1').
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
OR While related to the CVE in some way, a decision has been made to ignore it.
|
|