CVE-2016-6198

Published on: 08/06/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVE-2016-6198

Source: Mitre
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

  • CVE-2016-6198 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED NONE NONE HIGH

CVSS2 Score: 4.9 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
LOCAL LOW NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
NONE NONE COMPLETE

CVE References

Description Tags Link
Bug 1355654 – CVE-2016-6198 kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs Issue Tracking
bugzilla.redhat.com
text/html
 URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1355654
oss-security - Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernel Exploit
Mailing List
Third Party Advisory
www.openwall.com
text/html
 URL Logo MLIST [oss-security] 20160711 Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernel
kernel/git/torvalds/linux.git - Linux kernel source tree Issue Tracking
Patch
git.kernel.org
text/html
 URL Logo CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d5ca871e72f2bb172ec9323497f01cd5091ec7
Oracle Linux Bulletin - July 2016 Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Linux Kernel xfsoverlay Rename Bugs Let Local Users Cause Denial of Service Conditions on the Target System - SecurityTracker www.securitytracker.com
text/html
 URL Logo SECTRACK 1036273
Linux Kernel Multiple Denial of Service Vulnerabilities cve.report (archive)
text/html
 URL Logo BID 91709
vfs: rename: check backing inode being equal · torvalds/[email protected] · GitHub Issue Tracking
Patch
github.com
text/html
 URL Logo CONFIRM github.com/torvalds/linux/commit/9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2016:2574
Oracle VM Server for x86 Bulletin - July 2016 Vendor Advisory
web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
vfs: add vfs_select_inode() helper · torvalds/[email protected] · GitHub Issue Tracking
Patch
github.com
text/html
 URL Logo CONFIRM github.com/torvalds/linux/commit/54d5ca871e72f2bb172ec9323497f01cd5091ec7
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2016:1875
Release Notes
www.kernel.org
text/plain
 CONFIRM www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2016:1847
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2016:2584
kernel/git/torvalds/linux.git - Linux kernel source tree Issue Tracking
Patch
git.kernel.org
text/html
 URL Logo CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System		LinuxLinux KernelAllAllAllAll
Operating
System		OracleLinux6AllAllAll
Operating
System		OracleLinux6AllAllAll
ApplicationOracleVm Server3.4AllAllAll
ApplicationOracleVm Server3.4AllAllAll
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:*:*: