CVE-2016-6136 - OpenCVE

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c	Issue Tracking Patch
http://rhn.redhat.com/errata/RHSA-2016-2574.html
http://rhn.redhat.com/errata/RHSA-2016-2584.html
http://rhn.redhat.com/errata/RHSA-2017-0307.html
http://www.securityfocus.com/archive/1/538835/30/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/91558
https://bugzilla.kernel.org/show_bug.cgi?id=120681	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1353533	Issue Tracking
https://github.com/linux-audit/audit-kernel/issues/18	Issue Tracking Patch
https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c	Issue Tracking Patch
https://source.android.com/security/bulletin/2016-11-01.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-08-06T20:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2016-07-01T00:00:00

Link: CVE-2016-6136

JSON object: View

NVD Information

Status : Modified

Published: 2016-08-06T20:59:06.800

Modified: 2018-01-05T02:31:04.667

Link: CVE-2016-6136

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "91558", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91558"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/linux-audit/audit-kernel/issues/18"}, {"name": "RHSA-2016:2584", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"name": "RHSA-2016:2574", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120681"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353533"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://source.android.com/security/bulletin/2016-11-01.html"}, {"name": "20160704 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/538835/30/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c"}, {"name": "RHSA-2017:0307", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6136", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "91558", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91558"}, {"name": "https://github.com/linux-audit/audit-kernel/issues/18", "refsource": "CONFIRM", "url": "https://github.com/linux-audit/audit-kernel/issues/18"}, {"name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c"}, {"name": "https://bugzilla.kernel.org/show_bug.cgi?id=120681", "refsource": "CONFIRM", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120681"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1353533", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353533"}, {"name": "https://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/2016-11-01.html"}, {"name": "20160704 [CVE-2016-6136] Double-Fetch Vulnerability in Linux-4.6/kernel/auditsc.c", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/538835/30/0/threaded"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c"}, {"name": "RHSA-2017:0307", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6136", "datePublished": "2016-08-06T20:00:00", "dateReserved": "2016-07-01T00:00:00", "dateUpdated": "2018-01-04T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF8F457-8A21-4907-BB5E-6193D0DAD885", "versionEndIncluding": "4.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a \"double fetch\" vulnerability."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n audit_log_single_execve_arg en kernel/auditsc.c en el kernel de Linux hasta la versi\u00f3n 4.7 permite a usuarios locales eludir restricciones de set de caracteres intencionados o interrumpir la auditoria del sistema de llamada cambiando una cierta cadena, tambi\u00e9n conocido como una vulnerabilidad de \"doble recuperaci\u00f3n\"."}], "id": "CVE-2016-6136", "lastModified": "2018-01-05T02:31:04.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-06T20:59:06.800", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0307.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/538835/30/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/91558"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=120681"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1353533"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/linux-audit/audit-kernel/issues/18"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c"}, {"source": "cve@mitre.org", "url": "https://source.android.com/security/bulletin/2016-11-01.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}