CVE-2016-4913
Summary
| CVE | CVE-2016-4913 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-05-23 10:59:00 UTC |
| Updated | 2023-09-12 14:45:00 UTC |
| Description | The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Novell | Suse Linux Enterprise Debuginfo | 11.0 | sp4 | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 11.0 | extra | All | All |
| Operating System | Novell | Suse Linux Enterprise Server | 11.0 | sp4 | All | All |
| Application | Novell | Suse Linux Enterprise Software Development Kit | 11.0 | sp4 | All | All |
| Operating System | Novell | Suse Linux Enterprise Software Development Kit | 11.0 | sp4 | All | All |
| Operating System | Oracle | Linux | 6 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Vendor Advisory |
| Linux Kernel 'fs/isofs/rock.c' Local Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| oss-security - CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c | MLIST | www.openwall.com | Patch |
| USN-3016-1: Linux kernel vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| USN-3017-3: Linux kernel (Wily HWE) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Oracle Linux Bulletin - July 2016 | CONFIRM | www.oracle.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:1985-1: important: Security update for | SUSE | lists.opensuse.org | |
| USN-3021-2: Linux kernel (OMAP4) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| oss-security - Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c | MLIST | www.openwall.com | Patch |
| USN-3017-1: Linux kernel vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| USN-3021-1: Linux kernel vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| [security-announce] SUSE-SU-2016:1672-1: important: Security update for | SUSE | lists.opensuse.org | Third Party Advisory |
| USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Debian -- Security Information -- DSA-3607-1 linux | DEBIAN | www.debian.org | |
| www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 | CONFIRM | www.kernel.org | |
| get_rock_ridge_filename(): handle malformed NM entries · torvalds/linux@99d8258 · GitHub | CONFIRM | github.com | Vendor Advisory |
| Oracle VM Server for x86 Bulletin - October 2016 | CONFIRM | www.oracle.com | |
| USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| 1337528 – (CVE-2016-4913) CVE-2016-4913 kernel: Information leak when handling NM entries containing NUL | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | REDHAT | access.redhat.com | |
| USN-3018-1: Linux kernel vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.