Vulnerability CVE-2016-4581

Vulnerability Name:

CVE-2016-4581 (CCN-113159)

Assigned:

2016-05-05

Published:

2016-05-05

Updated:

2023-02-12

Summary:

fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

4.7 Medium (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2016-4581

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2016-2574
Important: kernel security, bug fix, and enhancement update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2016-2584
Important: kernel-rt security, bug fix, and enhancement update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: oss-sec Mailing List, Wed, 11 May 2016 10:57:06 +0200
CVE request: Mishandling the first propagated copy being a slave

Source: CCN
Type: oss-sec Mailing List, Wed, 11 May 2016 11:36:09 -0400 (EDT)
Re: CVE request: Mishandling the first propagated copy being a slave - Linux kernel

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin T1025263 (PowerKVM)
Vulnerabilities in the Linux Kernel affect PowerKVM

Source: CCN
Type: IBM Security Bulletin S1012277 (Storwize V7000 (2076))
Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Source: CCN
Type: IBM Security Bulletin 2004744 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel

Source: CCN
Type: IBM Security Bulletin 2010338 (Security Access Manager)
IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: XF
Type: UNKNOWN
linux-cve20164581-dos(113159)

Source: CCN
Type: Linux Kernel GIT Repository
propogate_mnt: Handle the first propogated copy being a slave

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-4581

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:*

OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.7.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.8:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:7.8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_network_security:5.4:*:*:*:*:*:*:*

OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:8.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:storwize_v7000_software:8.1.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20164581	V	CVE-2016-4581	2022-05-20
oval:com.redhat.rhsa:def:20162574	P	RHSA-2016:2574: kernel security, bug fix, and enhancement update (Important)	2016-11-03
oval:com.redhat.rhsa:def:20162584	P	RHSA-2016:2584: kernel-rt security, bug fix, and enhancement update (Important)	2016-11-03
oval:org.cisecurity:def:954	P	DSA-3607-1 -- linux -- security update	2016-08-12
oval:com.ubuntu.xenial:def:201645810000000	V	CVE-2016-4581 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-23
oval:com.ubuntu.xenial:def:20164581000	V	CVE-2016-4581 on Ubuntu 16.04 LTS (xenial) - medium.	2016-05-23
oval:com.ubuntu.precise:def:20164581000	V	CVE-2016-4581 on Ubuntu 12.04 LTS (precise) - medium.	2016-05-23
oval:com.ubuntu.trusty:def:20164581000	V	CVE-2016-4581 on Ubuntu 14.04 LTS (trusty) - medium.	2016-05-23

BACK