CVE-2016-2549

Published on: 04/27/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:15 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.

  • CVE-2016-2549 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 6.2 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW NONE NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE HIGH

CVSS2 Score: 2.1 - LOW

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE PARTIAL

CVE References

Description Tags Link
USN-2929-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2929-2
USN-2931-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2931-1
USN-2967-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2967-2
Debian -- Security Information -- DSA-3503-1 linux www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-3503
kernel/git/torvalds/linux.git - Linux kernel source tree Vendor Advisory
git.kernel.org
text/html
URL Logo CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3
www.kernel.org
text/plain
CONFIRM www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2930-3
1311570 – (CVE-2016-2549) CVE-2016-2549 kernel: sound: spinlock lockup in sound/core/timer.c bugzilla.redhat.com
text/html
URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1311570
USN-2930-1: Linux kernel vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2930-1
USN-2930-2: Linux kernel (Wily HWE) vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2930-2
[security-announce] SUSE-SU-2016:1102-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:1102
[security-announce] SUSE-SU-2016:2074-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:2074
ALSA: hrtimer: Fix stall by hrtimer_cancel() · torvalds/[email protected] · GitHub github.com
text/html
URL Logo CONFIRM github.com/torvalds/linux/commit/2ba1fe7a06d3624f9a7586d672b55f08f7c670f3
oss-security - Security bugs in Linux kernel sound subsystem www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160119 Security bugs in Linux kernel sound subsystem
USN-2932-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2932-1
USN-2967-1: Linux kernel vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2967-1
USN-2929-1: Linux kernel vulnerabilities | Ubuntu www.ubuntu.com
text/html
URL Logo UBUNTU USN-2929-1
[security-announce] SUSE-SU-2016:0911-1: important: Security update for lists.opensuse.org
text/html
URL Logo SUSE SUSE-SU-2016:0911
Linux Kernel CVE-2016-2549 Local Denial of Service Vulnerability cve.report (archive)
text/html
URL Logo BID 83382

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
LinuxLinux KernelAllAllAllAll
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*: