CVE-2016-7916 - OpenCVE

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3	Issue Tracking Patch Third Party Advisory
http://source.android.com/security/bulletin/2016-11-01.html	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4	Release Notes Vendor Advisory
http://www.securityfocus.com/bid/94138	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-3159-1
http://www.ubuntu.com/usn/USN-3159-2
https://bugzilla.kernel.org/show_bug.cgi?id=116461	Issue Tracking
https://forums.grsecurity.net/viewtopic.php?f=3&t=4363	Issue Tracking
https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3	Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: google_android

Published: 2016-11-16T04:49:00

Updated: 2017-01-12T22:57:01

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7916

JSON object: View

NVD Information

Status : Modified

Published: 2016-11-16T05:59:11.017

Modified: 2017-01-18T02:59:12.610

Link: CVE-2016-7916

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-12T22:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://source.android.com/security/bulletin/2016-11-01.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=116461"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"}, {"name": "USN-3159-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3159-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363"}, {"name": "USN-3159-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3159-2"}, {"name": "94138", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94138"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2016-7916", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://source.android.com/security/bulletin/2016-11-01.html", "refsource": "CONFIRM", "url": "http://source.android.com/security/bulletin/2016-11-01.html"}, {"name": "https://bugzilla.kernel.org/show_bug.cgi?id=116461", "refsource": "CONFIRM", "url": "https://bugzilla.kernel.org/show_bug.cgi?id=116461"}, {"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"}, {"name": "USN-3159-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3159-1"}, {"name": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363", "refsource": "CONFIRM", "url": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363"}, {"name": "USN-3159-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3159-2"}, {"name": "94138", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94138"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"}, {"name": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"}]}}}}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-7916", "datePublished": "2016-11-16T04:49:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2017-01-12T22:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7AEB8DD-7C80-4B48-98E0-0502F1575337", "versionEndIncluding": "4.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete."}, {"lang": "es", "value": "La condici\u00f3n de carrera en la funci\u00f3n environ_read en fs / proc / base.c en el kernel de Linux antes de 4.5.4 permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel leyendo un archivo / proc / * / environ durante un intervalo de tiempo de configuraci\u00f3n del proceso cuya copia de variabilidad de entorno es incompleta."}], "id": "CVE-2016-7916", "lastModified": "2017-01-18T02:59:12.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-11-16T05:59:11.017", "references": [{"source": "security@android.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://source.android.com/security/bulletin/2016-11-01.html"}, {"source": "security@android.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4"}, {"source": "security@android.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94138"}, {"source": "security@android.com", "url": "http://www.ubuntu.com/usn/USN-3159-1"}, {"source": "security@android.com", "url": "http://www.ubuntu.com/usn/USN-3159-2"}, {"source": "security@android.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.kernel.org/show_bug.cgi?id=116461"}, {"source": "security@android.com", "tags": ["Issue Tracking"], "url": "https://forums.grsecurity.net/viewtopic.php?f=3&t=4363"}, {"source": "security@android.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}