Vulnerability Name: CVE-2016-6136 (CCN-114719) Assigned: 2016-07-04 Published: 2016-07-04 Updated: 2018-01-05 Summary: Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability. CVSS v3 Severity: 4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N 4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H 4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
3.3 Low (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): Partial
Vulnerability Type: CWE-362 Vulnerability Consequences: Obtain Information References: Source: MITRECVE-2016-6136 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c Important: kernel security, bug fix, and enhancement update RHSA-2016:2574 Important: kernel-rt security, bug fix, and enhancement update RHSA-2016:2584 Moderate: kernel security and bug fix update RHSA-2017:0307 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c Vulnerabilities in the Linux Kernel affect PowerKVM Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities 20160704 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c 91558 Linux Kernel CVE-2016-6136 Local Information Disclosure Vulnerability Double-Fetch bug in Linux-4.6/kernel/auditsc.c https://bugzilla.kernel.org/show_bug.cgi?id=120681 https://bugzilla.redhat.com/show_bug.cgi?id=1353533 linux-kernel-cve20166136-info-disc(114719) BUG: fix double fetch in audit_log_single_execve_arg() #18 https://github.com/linux-audit/audit-kernel/issues/18 https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c https://source.android.com/security/bulletin/2016-11-01.html CVE-2016-6136 Vulnerable Configuration: Configuration 1 :cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.7)Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:* Configuration RedHat 5 :cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:* Configuration RedHat 6 :cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:* Configuration RedHat 7 :cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:* Configuration RedHat 8 :cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:* Configuration RedHat 9 :cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:* Configuration RedHat 10 :cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:* Configuration RedHat 11 :cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:* Configuration CCN 1 :cpe:/o:linux:linux_kernel:4.6:*:*:*:*:*:*:* AND cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:* OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:* OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_server:6:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux_workstation:6:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.7.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:7.8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:qradar_network_security:5.4:*:*:*:*:*:*:* OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:8.1:*:*:*:*:*:*:* OR cpe:/a:ibm:storwize_v7000_software:8.1.1:*:*:*:*:*:*:* Oval Definitions BACK
linux linux kernel *
linux linux kernel 4.6
ibm storwize v7000 software 6.1
ibm storwize v7000 software 6.2
ibm storwize v7000 software 6.3
ibm storwize v7000 software 6.4
ibm storwize v7000 software 7.1
ibm storwize v7000 software 7.2
ibm powerkvm 2.1
ibm storwize v7000 software 7.3
ibm storwize v7000 software 7.4
ibm storwize v7000 software 7.5
ibm storwize v7000 software 7.6
ibm powerkvm 3.1
redhat enterprise linux desktop 7
redhat enterprise linux hpc node 7
redhat enterprise linux server 7
redhat enterprise linux workstation 7
redhat enterprise linux for real time 7
redhat enterprise linux desktop 6
redhat enterprise linux hpc node 6
redhat enterprise linux server 6
redhat enterprise linux workstation 6
ibm storwize v7000 software 7.6.1
ibm storwize v7000 software 7.7
ibm storwize v7000 software 7.7.1
ibm storwize v7000 software 7.8
ibm storwize v7000 software 7.8.1
ibm qradar network security 5.4
ibm security access manager firmware 9.0.3
ibm storwize v7000 software 8.1
ibm storwize v7000 software 8.1.1
Denotes that component is vulnerable