CVE-2016-6198

Published on: 08/06/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:12 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c.

  • CVE-2016-6198 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE NONE HIGH

CVSS2 Score: 4.9 - MEDIUM

Access
Vector
Access
Complexity
Authentication
LOCAL LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE NONE COMPLETE

CVE References

Description Tags Link
Bug 1355654 – CVE-2016-6198 kernel: vfs: missing detection of hardlinks in vfs_rename() on overlayfs Issue Tracking
bugzilla.redhat.com
text/html
URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1355654
oss-security - Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernel Exploit
Mailing List
Third Party Advisory
www.openwall.com
text/html
URL Logo MLIST [oss-security] 20160711 Re: cvs request: local DoS using rename syscall on overlayfs on top of xfs to crash the kernel - Linux kernel
kernel/git/torvalds/linux.git - Linux kernel source tree Issue Tracking
Patch
git.kernel.org
text/html
URL Logo CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d5ca871e72f2bb172ec9323497f01cd5091ec7
Oracle Linux Bulletin - July 2016 Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Linux Kernel xfsoverlay Rename Bugs Let Local Users Cause Denial of Service Conditions on the Target System - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036273
Linux Kernel Multiple Denial of Service Vulnerabilities cve.report (archive)
text/html
URL Logo BID 91709
vfs: rename: check backing inode being equal · torvalds/[email protected] · GitHub Issue Tracking
Patch
github.com
text/html
URL Logo CONFIRM github.com/torvalds/linux/commit/9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2574
Oracle VM Server for x86 Bulletin - July 2016 Vendor Advisory
web.archive.org
text/html
Inactive LinkNot Archived
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
vfs: add vfs_select_inode() helper · torvalds/[email protected] · GitHub Issue Tracking
Patch
github.com
text/html
URL Logo CONFIRM github.com/torvalds/linux/commit/54d5ca871e72f2bb172ec9323497f01cd5091ec7
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:1875
Release Notes
www.kernel.org
text/plain
CONFIRM www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:1847
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
URL Logo REDHAT RHSA-2016:2584
kernel/git/torvalds/linux.git - Linux kernel source tree Issue Tracking
Patch
git.kernel.org
text/html
URL Logo CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
LinuxLinux KernelAllAllAllAll
Operating
System
OracleLinux6AllAllAll
Operating
System
OracleLinux6AllAllAll
ApplicationOracleVm Server3.4AllAllAll
ApplicationOracleVm Server3.4AllAllAll
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:*:*: