CVE-2016-6480 - OpenCVE

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:M/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html
http://rhn.redhat.com/errata/RHSA-2016-2574.html
http://rhn.redhat.com/errata/RHSA-2016-2584.html
http://rhn.redhat.com/errata/RHSA-2017-0817.html
http://www.securityfocus.com/archive/1/539074/30/0/threaded	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/92214
https://bugzilla.redhat.com/show_bug.cgi?id=1362466	Issue Tracking Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-08-06T20:00:00

Updated: 2018-01-04T19:57:01

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6480

JSON object: View

NVD Information

Status : Modified

Published: 2016-08-06T20:59:14.487

Modified: 2018-01-05T02:31:06.743

Link: CVE-2016-6480

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466"}, {"name": "20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/539074/30/0/threaded"}, {"name": "SUSE-SU-2016:2180", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"}, {"name": "92214", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92214"}, {"name": "SUSE-SU-2016:2174", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"}, {"name": "SUSE-SU-2016:2230", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html"}, {"name": "RHSA-2016:2584", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"name": "RHSA-2016:2574", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "RHSA-2017:0817", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"}, {"name": "SUSE-SU-2016:2181", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"}, {"name": "SUSE-SU-2016:2178", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"}, {"name": "SUSE-SU-2016:2175", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"}, {"name": "SUSE-SU-2016:2177", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"}, {"name": "SUSE-SU-2016:2179", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6480", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466"}, {"name": "20160801 [CVE-2016-6480] Double-Fetch Vulnerability in Linux-4.5/drivers/scsi/aacraid/commctrl.c", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539074/30/0/threaded"}, {"name": "SUSE-SU-2016:2180", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"}, {"name": "92214", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92214"}, {"name": "SUSE-SU-2016:2174", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"}, {"name": "SUSE-SU-2016:2230", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html"}, {"name": "RHSA-2016:2584", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"name": "RHSA-2016:2574", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"name": "RHSA-2017:0817", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"}, {"name": "SUSE-SU-2016:2181", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"}, {"name": "SUSE-SU-2016:2178", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"}, {"name": "SUSE-SU-2016:2175", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"}, {"name": "SUSE-SU-2016:2177", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"}, {"name": "SUSE-SU-2016:2179", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6480", "datePublished": "2016-08-06T20:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2018-01-04T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6AF8F457-8A21-4907-BB5E-6193D0DAD885", "versionEndIncluding": "4.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n ioctl_send_fib en drivers/scsi/aacraid/commctrl.c en el kernel de Linux hasta la versi\u00f3n 4.7 permite a usuarios locales provocar una denegaci\u00f3n de servicio (acceso fuera de rango o ca\u00edda de sistema) cambiando un cierto valor de tama\u00f1o, tambi\u00e9n conocido como una vulnerabilidad de \"doble recuperaci\u00f3n\"."}], "id": "CVE-2016-6480", "lastModified": "2018-01-05T02:31:06.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.4, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-08-06T20:59:14.487", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00049.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2574.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-2584.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/539074/30/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/92214"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362466"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}