{"api_version":"1","generated_at":"2026-04-23T01:18:25+00:00","cve":"CVE-2016-4913","urls":{"html":"https://cve.report/CVE-2016-4913","api":"https://cve.report/api/cve/CVE-2016-4913.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2016-4913","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2016-4913"},"summary":{"title":"CVE-2016-4913","description":"The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.","state":"PUBLIC","assigner":"security@debian.org","published_at":"2016-05-23 10:59:00","updated_at":"2023-09-12 14:45:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6","name":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"kernel/git/torvalds/linux.git - Linux kernel source tree","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/90730","name":"90730","refsource":"BID","tags":[],"title":"Linux Kernel 'fs/isofs/rock.c' Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.ubuntu.com/usn/USN-3018-2","name":"USN-3018-2","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3016-3","name":"USN-3016-3","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2016/05/18/3","name":"[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c","refsource":"MLIST","tags":["Patch"],"title":"oss-security - CVE Request: Linux: information leak in Rock Ridge Extensions to\n iso9660 -- fs/isofs/rock.c","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3016-1","name":"USN-3016-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3016-1: Linux kernel vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3017-3","name":"USN-3017-3","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3017-3: Linux kernel (Wily HWE) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"Oracle Linux Bulletin - July 2016","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html","name":"SUSE-SU-2016:1985","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE-SU-2016:1985-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3021-2","name":"USN-3021-2","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3021-2: Linux kernel (OMAP4) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2016/05/18/5","name":"[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c","refsource":"MLIST","tags":["Patch"],"title":"oss-security - Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3017-1","name":"USN-3017-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3017-1: Linux kernel vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:3083","name":"RHSA-2018:3083","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3017-2","name":"USN-3017-2","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3016-4","name":"USN-3016-4","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3021-1","name":"USN-3021-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3021-1: Linux kernel vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html","name":"SUSE-SU-2016:1672","refsource":"SUSE","tags":["Third Party Advisory"],"title":"[security-announce] SUSE-SU-2016:1672-1: important: Security update for","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3019-1","name":"USN-3019-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2016/dsa-3607","name":"DSA-3607","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3607-1 linux","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5","name":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5","refsource":"CONFIRM","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6","name":"https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"get_rock_ridge_filename(): handle malformed NM entries · torvalds/linux@99d8258 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html","name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html","refsource":"CONFIRM","tags":[],"title":"Oracle VM Server for x86 Bulletin - October 2016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3020-1","name":"USN-3020-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3016-2","name":"USN-3016-2","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337528","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1337528","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory","VDB Entry"],"title":"1337528 – (CVE-2016-4913) CVE-2016-4913 kernel: Information leak when handling NM entries containing NUL","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2018:3096","name":"RHSA-2018:3096","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-3018-1","name":"USN-3018-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-3018-1: Linux kernel vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2016-4913","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4913","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"12.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"14.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"15.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"4.5.4","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_debuginfo","cpe6":"11.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_debuginfo","cpe6":"11.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_server","cpe6":"11.0","cpe7":"extra","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_server","cpe6":"11.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_server","cpe6":"11.0","cpe7":"extra","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_server","cpe6":"11.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"novell","cpe5":"suse_linux_enterprise_software_development_kit","cpe6":"11.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_software_development_kit","cpe6":"11.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"novell","cpe5":"suse_linux_enterprise_software_development_kit","cpe6":"11.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2016","cve_id":"4913","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"linux","cpe6":"6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@debian.org","ID":"CVE-2016-4913","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"RHSA-2018:3083","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:3083"},{"name":"https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6","refsource":"CONFIRM","url":"https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6"},{"name":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"},{"name":"USN-3017-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3017-1"},{"name":"SUSE-SU-2016:1985","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"},{"name":"USN-3017-3","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3017-3"},{"name":"USN-3018-2","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3018-2"},{"name":"USN-3021-2","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3021-2"},{"name":"https://bugzilla.redhat.com/show_bug.cgi?id=1337528","refsource":"CONFIRM","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337528"},{"name":"USN-3017-2","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3017-2"},{"name":"USN-3019-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3019-1"},{"name":"DSA-3607","refsource":"DEBIAN","url":"http://www.debian.org/security/2016/dsa-3607"},{"name":"USN-3016-2","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3016-2"},{"name":"USN-3016-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3016-1"},{"name":"SUSE-SU-2016:1672","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html"},{"name":"USN-3021-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3021-1"},{"name":"[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2016/05/18/5"},{"name":"USN-3018-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3018-1"},{"name":"[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2016/05/18/3"},{"name":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5","refsource":"CONFIRM","url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"},{"name":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html","refsource":"CONFIRM","url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"},{"name":"90730","refsource":"BID","url":"http://www.securityfocus.com/bid/90730"},{"name":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6","refsource":"CONFIRM","url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6"},{"name":"USN-3016-3","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3016-3"},{"name":"USN-3016-4","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3016-4"},{"name":"RHSA-2018:3096","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2018:3096"},{"name":"USN-3020-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-3020-1"}]}},"nvd":{"publishedDate":"2016-05-23 10:59:00","lastModifiedDate":"2023-09-12 14:45:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"3.10.102","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.5.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.81","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"3.16.36","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"3.18.34","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19","versionEndExcluding":"4.1.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"3.12.60","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"3.14.70","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.4.11","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2016","CveId":"4913","Ordinal":"90850","Title":"CVE-2016-4913","CVE":"CVE-2016-4913","Year":"2016"},"notes":[{"CveYear":"2016","CveId":"4913","Ordinal":"1","NoteData":"The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \\0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.","Type":"Description","Title":null},{"CveYear":"2016","CveId":"4913","Ordinal":"2","NoteData":"2016-05-23","Type":"Other","Title":"Published"},{"CveYear":"2016","CveId":"4913","Ordinal":"3","NoteData":"2018-10-31","Type":"Other","Title":"Modified"}]}}}