CVE-2016-2143

Published on: 04/27/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:14 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.

  • CVE-2016-2143 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 6.9 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
kernel/git/torvalds/linux.git - Linux kernel source tree Vendor Advisory
git.kernel.org
text/html
URL Logo CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3446c13b268af86391d06611327006b059b8bab1
[security-announce] SUSE-SU-2016:1707-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1707
CVE-2016-2143 security-tracker.debian.org
text/html
URL Logo CONFIRM security-tracker.debian.org/tracker/CVE-2016-2143
Oracle Linux Bulletin - July 2016 web.archive.org
text/html
Inactive LinkNot Archived
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2766
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:1539
s390/mm: four page table levels vs. fork · torvalds/[email protected] · GitHub github.com
text/html
URL Logo CONFIRM github.com/torvalds/linux/commit/3446c13b268af86391d06611327006b059b8bab1
[security-announce] SUSE-SU-2016:2074-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:2074
[security-announce] SUSE-SU-2016:1672-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1672
Debian -- Security Information -- DSA-3607-1 linux www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3607
[security-announce] SUSE-SU-2016:1764-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1764
[security-announce] SUSE-SU-2016:1690-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1690
[security-announce] SUSE-SU-2016:1019-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1019

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
DebianDebian Linux7.0AllAllAll
Operating
System
DebianDebian Linux8.0AllAllAll
Operating
System
LinuxLinux Kernel4.4rc8AllAll
Operating
System
LinuxLinux Kernel4.4rc8AllAll
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:4.4:rc8:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:4.4:rc8:*:*:*:*:*:*: