Vulnerability Name:

CVE-2016-6136 (CCN-114719)

Assigned:2016-07-04
Published:2016-07-04
Updated:2018-01-05
Summary:Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.
CVSS v3 Severity:4.7 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)
4.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.5 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
3.3 Low (REDHAT CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-362
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2016-6136

Source: CONFIRM
Type: Issue Tracking, Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c

Source: CCN
Type: RHSA-2016-2574
Important: kernel security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2574

Source: CCN
Type: RHSA-2016-2584
Important: kernel-rt security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2016:2584

Source: CCN
Type: RHSA-2017-0307
Moderate: kernel security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2017:0307

Source: CCN
Type: BugTraq Mailing List, Mon, 4 Jul 2016 15:05:50 GMT
[CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c

Source: CCN
Type: IBM Security Bulletin T1025263 (PowerKVM)
Vulnerabilities in the Linux Kernel affect PowerKVM

Source: CCN
Type: IBM Security Bulletin S1012277 (Storwize V7000 (2076))
Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Source: CCN
Type: IBM Security Bulletin 2004744 (QRadar Network Security)
IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel

Source: CCN
Type: IBM Security Bulletin 2010338 (Security Access Manager)
IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20160704 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c

Source: BID
Type: UNKNOWN
91558

Source: CCN
Type: BID-91558
Linux Kernel CVE-2016-6136 Local Information Disclosure Vulnerability

Source: CCN
Type: Kernel Bug Tracker – Bug 120681
Double-Fetch bug in Linux-4.6/kernel/auditsc.c

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.kernel.org/show_bug.cgi?id=120681

Source: CONFIRM
Type: Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1353533

Source: XF
Type: UNKNOWN
linux-kernel-cve20166136-info-disc(114719)

Source: CCN
Type: Linux Kernel GIT Repository
BUG: fix double fetch in audit_log_single_execve_arg() #18

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/linux-audit/audit-kernel/issues/18

Source: CONFIRM
Type: Issue Tracking, Patch
https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c

Source: CONFIRM
Type: UNKNOWN
https://source.android.com/security/bulletin/2016-11-01.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-6136

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 4.7)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/a:redhat:rhel_extras_rt:7:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:4.6:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:storwize_v7000_software:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:6.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:powerkvm:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:7.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_network_security:5.4:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:storwize_v7000_software:8.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.redhat.rhsa:def:20170307
    P
    		RHSA-2017:0307: kernel security and bug fix update (Moderate)
    2017-02-23
    oval:com.redhat.rhsa:def:20162574
    P
    		RHSA-2016:2574: kernel security, bug fix, and enhancement update (Important)
    2016-11-03
    oval:com.redhat.rhsa:def:20162584
    P
    		RHSA-2016:2584: kernel-rt security, bug fix, and enhancement update (Important)
    2016-11-03
    oval:org.cisecurity:def:1156
    P
    		DSA-3659-1 -- linux -- security update
    2016-10-14
    oval:com.ubuntu.xenial:def:201661360000000
    V
    		CVE-2016-6136 on Ubuntu 16.04 LTS (xenial) - low.
    2016-08-06
    oval:com.ubuntu.trusty:def:20166136000
    V
    		CVE-2016-6136 on Ubuntu 14.04 LTS (trusty) - low.
    2016-08-06
    oval:com.ubuntu.xenial:def:20166136000
    V
    		CVE-2016-6136 on Ubuntu 16.04 LTS (xenial) - low.
    2016-08-06
    oval:com.ubuntu.precise:def:20166136000
    V
    		CVE-2016-6136 on Ubuntu 12.04 LTS (precise) - low.
    2016-08-06
    BACK
    linux linux kernel *
    linux linux kernel 4.6
    ibm storwize v7000 software 6.1
    ibm storwize v7000 software 6.2
    ibm storwize v7000 software 6.3
    ibm storwize v7000 software 6.4
    ibm storwize v7000 software 7.1
    ibm storwize v7000 software 7.2
    ibm powerkvm 2.1
    ibm storwize v7000 software 7.3
    ibm storwize v7000 software 7.4
    ibm storwize v7000 software 7.5
    ibm storwize v7000 software 7.6
    ibm powerkvm 3.1
    redhat enterprise linux desktop 7
    redhat enterprise linux hpc node 7
    redhat enterprise linux server 7
    redhat enterprise linux workstation 7
    redhat enterprise linux for real time 7
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6
    redhat enterprise linux server 6
    redhat enterprise linux workstation 6
    ibm storwize v7000 software 7.6.1
    ibm storwize v7000 software 7.7
    ibm storwize v7000 software 7.7.1
    ibm storwize v7000 software 7.8
    ibm storwize v7000 software 7.8.1
    ibm qradar network security 5.4
    ibm security access manager firmware 9.0.3
    ibm storwize v7000 software 8.1
    ibm storwize v7000 software 8.1.1