CVE-2016-4557

Published on: 05/23/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:59 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of the Linux kernel contain the following vulnerability:

The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.

  • CVE-2016-4557 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.8 - HIGH

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 7.2 - HIGH

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

CVE References

  • Description: 1334307 – (CVE-2016-4557) CVE-2016-4557 kernel: Use after free vulnerability via double fdput (bugzilla.redhat.com, text/html)
    Link: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1334307

  • Description: kernel/git/torvalds/linux.git - Linux kernel source tree (git.kernel.org, text/html)
    Link: CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7

  • Description: [security-announce] openSUSE-SU-2016:1641-1: important: Security update (lists.opensuse.org, text/html)
    Link: SUSE openSUSE-SU-2016:1641

  • Description: oss-security - CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation) (www.openwall.com, text/html)
    Link: MLIST [oss-security] 20160506 CVE Requests: Linux: BPF flaws (one use-after-free / local root privilege escalation)

  • Description: #823603 - linux: CVE-2016-4557: [Local root exploit] Use after free via double-fdput in bpf - Debian Bug report logs (bugs.debian.org, text/html)
    Link: CONFIRM bugs.debian.org/823603

  • Description: 808 - Linux: UAF via double-fdput() in bpf(BPF_PROG_LOAD) error path - project-zero - Monorail (bugs.chromium.org, text/html)
    Link: MISC bugs.chromium.org/p/project-zero/issues/detail?id=808

  • Description: www.kernel.org (text/plain)
    Link: CONFIRM www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5

  • Description: bpf: fix double-fdput in replace_map_fd_with_map_ptr() · torvalds/[email protected] · GitHub (github.com, text/html)
    Tags: Vendor Advisory
    Link: CONFIRM github.com/torvalds/linux/commit/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7

  • Description: Exploit – Page 40759 – Exploits Database (www.exploit-db.com, text/html)
    Tags: Proof of Concept
    Link: EXPLOIT-DB 40759

Known Affected Configurations (CPE V2.3)

Type: Operating System
Vendor: Linux
Product: Linux Kernel
Version: All
Update: All
Edition: All
Language: All

  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*