Vulnerability-Lookup

CVE-2016-8636 (GCVE-0-2016-8636)

Vulnerability from cvelistv5 – Published: 2017-02-22 16:00 – Updated: 2024-08-06 02:27

Summary

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.securityfocus.com/bid/96189	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2017/02/11/9	mailing-listx_refsource_MLIST
	http://www.kernel.org/pub/linux/kernel/v4.x/Chang…	x_refsource_CONFIRM
	https://eyalitkin.wordpress.com/2017/02/11/cve-pu…	x_refsource_MISC
	http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=1421981	x_refsource_CONFIRM
	https://github.com/torvalds/linux/commit/647bf3d8…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:27:41.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96189",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96189"
          },
          {
            "name": "[oss-security] 20170211 CVE publication request - CVE 2016-8636",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-02-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-28T10:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "96189",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96189"
        },
        {
          "name": "[oss-security] 20170211 CVE publication request - CVE 2016-8636",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-8636",
    "datePublished": "2017-02-22T16:00:00.000Z",
    "dateReserved": "2016-10-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T02:27:41.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2017-AVI-233

Vulnerability from certfr_avis - Published: 2017-07-21 - Updated: 2017-07-31

De multiples vulnérabilités ont été corrigées dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Ubuntu	Ubuntu	Ubuntu 16.04 LTS
Ubuntu	Ubuntu	Ubuntu 17.04
Ubuntu	Ubuntu	Ubuntu 16.10
Ubuntu	Ubuntu	Ubuntu 14.04 LTS

References

Title

Publication Time

Tags

Bulletin de sécurité Ubuntu USN-3360-1 du 21 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3364-2 du 24 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3361-1 du 21 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3358-1 du 20 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3360-2 du 21 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3364-1 du 24 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3364-3 du 25 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3371-1 du 28 juillet 2017	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-3359-1 du 21 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 16.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 17.04",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 16.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 14.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-9150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9150"
    },
    {
      "name": "CVE-2017-5549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5549"
    },
    {
      "name": "CVE-2015-8967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8967"
    },
    {
      "name": "CVE-2017-2584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2584"
    },
    {
      "name": "CVE-2017-7618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
    },
    {
      "name": "CVE-2017-6348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6348"
    },
    {
      "name": "CVE-2017-7472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7472"
    },
    {
      "name": "CVE-2017-6346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6346"
    },
    {
      "name": "CVE-2017-7895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
    },
    {
      "name": "CVE-2015-8944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8944"
    },
    {
      "name": "CVE-2017-7645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7645"
    },
    {
      "name": "CVE-2017-5970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5970"
    },
    {
      "name": "CVE-2017-9074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9074"
    },
    {
      "name": "CVE-2017-8925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8925"
    },
    {
      "name": "CVE-2017-2618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2618"
    },
    {
      "name": "CVE-2014-9900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9900"
    },
    {
      "name": "CVE-2016-8405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8405"
    },
    {
      "name": "CVE-2017-7273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7273"
    },
    {
      "name": "CVE-2017-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6345"
    },
    {
      "name": "CVE-2017-6214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6214"
    },
    {
      "name": "CVE-2017-7616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7616"
    },
    {
      "name": "CVE-2015-8963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8963"
    },
    {
      "name": "CVE-2017-6347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6347"
    },
    {
      "name": "CVE-2016-9083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9083"
    },
    {
      "name": "CVE-2017-7346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7346"
    },
    {
      "name": "CVE-2017-2671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2671"
    },
    {
      "name": "CVE-2015-8955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8955"
    },
    {
      "name": "CVE-2017-2583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2583"
    },
    {
      "name": "CVE-2016-9755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9755"
    },
    {
      "name": "CVE-2017-5550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5550"
    },
    {
      "name": "CVE-2017-9605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9605"
    },
    {
      "name": "CVE-2015-8966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8966"
    },
    {
      "name": "CVE-2016-10208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10208"
    },
    {
      "name": "CVE-2016-10088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10088"
    },
    {
      "name": "CVE-2017-5897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5897"
    },
    {
      "name": "CVE-2017-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7187"
    },
    {
      "name": "CVE-2016-9191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9191"
    },
    {
      "name": "CVE-2015-8962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8962"
    },
    {
      "name": "CVE-2017-2596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2596"
    },
    {
      "name": "CVE-2017-8924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8924"
    },
    {
      "name": "CVE-2017-7889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7889"
    },
    {
      "name": "CVE-2017-1000380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000380"
    },
    {
      "name": "CVE-2016-9604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9604"
    },
    {
      "name": "CVE-2017-5576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5576"
    },
    {
      "name": "CVE-2017-5551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5551"
    },
    {
      "name": "CVE-2017-5546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5546"
    },
    {
      "name": "CVE-2017-6001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6001"
    },
    {
      "name": "CVE-2015-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8964"
    },
    {
      "name": "CVE-2016-9084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9084"
    },
    {
      "name": "CVE-2017-7261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7261"
    },
    {
      "name": "CVE-2016-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8636"
    },
    {
      "name": "CVE-2017-5669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5669"
    }
  ],
  "initial_release_date": "2017-07-21T00:00:00",
  "last_revision_date": "2017-07-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-233",
  "revisions": [
    {
      "description": "mise \u00e0 jour des bulletins, vuln\u00e9rabilit\u00e9s et syst\u00e8mes affect\u00e9s.",
      "revision_date": "2017-07-21T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Ubuntu USN-3360-2 du 21 juillet 2017.",
      "revision_date": "2017-07-24T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 Ubuntu USN-3364-1 et USN-3364-2 du 24 juillet 2017.",
      "revision_date": "2017-07-25T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Ubuntu USN-3364-3 du 25 juillet 2017.",
      "revision_date": "2017-07-26T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Ubuntu USN-3371-1 du 28 juillet 2017.",
      "revision_date": "2017-07-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003ele noyau Linux d\u0027Ubuntu\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3360-1 du 21 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3360-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3364-2 du 24 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3364-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3361-1 du 21 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3361-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3358-1 du 20 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3358-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3360-2 du 21 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3360-2/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3364-1 du 24 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3364-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3364-3 du 25 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3364-3/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3371-1 du 28 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3371-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-3359-1 du 21 juillet 2017",
      "url": "https://usn.ubuntu.com/usn/usn-3359-1/"
    }
  ]
}

CERTFR-2019-AVI-233

Vulnerability from certfr_avis - Published: 2019-05-20 - Updated: 2019-05-20

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Module pour Public Cloud 12
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour SAP 12-SP1
SUSE	N/A	SUSE Linux Enterprise High Availability 12-SP2
SUSE	N/A	OpenStack Cloud Magnum Orchestration 7
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP2-BCL
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server 12-SP1-LTSS
SUSE	N/A	SUSE OpenStack Cloud 7
SUSE	N/A	SUSE Enterprise Storage 4
SUSE	SUSE Linux Enterprise Server	SUSE Linux Enterprise Server pour SAP 12-SP2

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2019:1287-1 du 17 mai 2019	None	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2019:1289-1 du 17 mai 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Module pour Public Cloud 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour SAP 12-SP1",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability 12-SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "OpenStack Cloud Magnum Orchestration 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP2-BCL",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 12-SP1-LTSS",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE OpenStack Cloud 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Enterprise Storage 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server pour SAP 12-SP2",
      "product": {
        "name": "SUSE Linux Enterprise Server",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-18710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18710"
    },
    {
      "name": "CVE-2019-6974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6974"
    },
    {
      "name": "CVE-2018-5391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
    },
    {
      "name": "CVE-2017-7472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7472"
    },
    {
      "name": "CVE-2019-9503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
    },
    {
      "name": "CVE-2018-19407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19407"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2018-19985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
    },
    {
      "name": "CVE-2019-8564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8564"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2017-1000407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000407"
    },
    {
      "name": "CVE-2019-9213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9213"
    },
    {
      "name": "CVE-2017-7273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7273"
    },
    {
      "name": "CVE-2018-18281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18281"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2018-18690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18690"
    },
    {
      "name": "CVE-2018-20169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
    },
    {
      "name": "CVE-2018-1128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1128"
    },
    {
      "name": "CVE-2016-10741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10741"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1091"
    },
    {
      "name": "CVE-2018-1120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1120"
    },
    {
      "name": "CVE-2017-18174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18174"
    },
    {
      "name": "CVE-2018-16884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16884"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2019-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3460"
    },
    {
      "name": "CVE-2019-11486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11486"
    },
    {
      "name": "CVE-2018-19824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19824"
    },
    {
      "name": "CVE-2019-3882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3882"
    },
    {
      "name": "CVE-2019-7221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7221"
    },
    {
      "name": "CVE-2018-1129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1129"
    },
    {
      "name": "CVE-2019-7222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-7222"
    },
    {
      "name": "CVE-2017-16533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16533"
    },
    {
      "name": "CVE-2016-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8636"
    },
    {
      "name": "CVE-2018-18386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18386"
    },
    {
      "name": "CVE-2017-17741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17741"
    },
    {
      "name": "CVE-2019-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3459"
    }
  ],
  "initial_release_date": "2019-05-20T00:00:00",
  "last_revision_date": "2019-05-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-233",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-05-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1287-1 du 17 mai 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191287-1/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2019:1289-1 du 17 mai 2019",
      "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191289-1/"
    }
  ]
}

GHSA-VV9C-R5JJ-58F9

Vulnerability from github – Published: 2022-05-17 02:57 – Updated: 2025-04-20 03:33

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-22T16:59:00Z",
    "severity": "HIGH"
  },
  "details": "Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology.",
  "id": "GHSA-vv9c-r5jj-58f9",
  "modified": "2025-04-20T03:33:20Z",
  "published": "2022-05-17T02:57:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8636"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
    },
    {
      "type": "WEB",
      "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96189"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2016-8636

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-8636

Aliases

CVE-2016-8636

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8636",
    "description": "Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology.",
    "id": "GSD-2016-8636",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-8636.html",
      "https://ubuntu.com/security/CVE-2016-8636"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8636"
      ],
      "details": "Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology.",
      "id": "GSD-2016-8636",
      "modified": "2023-12-13T01:21:22.474425Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-8636",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66",
            "refsource": "MISC",
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
          },
          {
            "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10",
            "refsource": "MISC",
            "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2017/02/11/9",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
          },
          {
            "name": "http://www.securityfocus.com/bid/96189",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/96189"
          },
          {
            "name": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/",
            "refsource": "MISC",
            "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
          },
          {
            "name": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66",
            "refsource": "MISC",
            "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.9.10",
                "versionStartIncluding": "4.8",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-8636"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-190"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
            },
            {
              "name": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Technical Description",
                "Third Party Advisory"
              ],
              "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
            },
            {
              "name": "[oss-security] 20170211 CVE publication request - CVE 2016-8636",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
            },
            {
              "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
            },
            {
              "name": "96189",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/96189"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-01-17T21:07Z",
      "publishedDate": "2017-02-22T16:59Z"
    }
  }
}

FKIE_CVE-2016-8636

Vulnerability from fkie_nvd - Published: 2017-02-22 16:59 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10	Release Notes, Vendor Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2017/02/11/9	Mailing List, Patch, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/96189	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1421981	Issue Tracking, Patch
secalert@redhat.com	https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/	Patch, Technical Description, Third Party Advisory
secalert@redhat.com	https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2017/02/11/9	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96189	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1421981	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/	Patch, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66	Issue Tracking, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF669C8C-DA7B-431E-B9C2-38CD57DAFC0A",
              "versionEndExcluding": "4.9.10",
              "versionStartIncluding": "4.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en la funci\u00f3n mem_check_range en drivers/infiniband/sw/rxe/rxe_mr.c en el kernel de Linux en versiones anteriores a 4.9.10 permite a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria), obtener informaci\u00f3n sensible desde la memoria del kernel, o posiblemente tener otro impacto no especificado a trav\u00e9s de una petici\u00f3n de escritura o lectura involucrando a la tecnolog\u00eda \"RDMA protocol over infiniband\" (tambi\u00e9n conocida como Soft RoCE)."
    }
  ],
  "id": "CVE-2016-8636",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-22T16:59:00.193",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96189"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/02/11/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1421981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-01990

Vulnerability from cnvd - Published: 2017-02-25

Title

Linux Kernel 'drivers/infiniband/sw/rxe/rxe_mr.c'本地整数溢出漏洞

Description

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。 Linux Kernel存在本地整数溢出漏洞。本地攻击者可利用此漏洞在受影响应用程序的上下文中执行任意代码，失败的攻击会导致拒绝服务。

Severity

高

Patch Name

Linux Kernel 'drivers/infiniband/sw/rxe/rxe_mr.c'本地整数溢出漏洞的补丁

Patch Description

Linux kernel是美国Linux基金会发布的操作系统Linux所使用的内核。 Linux Kernel存在本地整数溢出漏洞。本地攻击者可利用此漏洞在受影响应用程序的上下文中执行任意代码，失败的攻击会导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/

Reference

http://www.securityfocus.com/bid/96189

Impacted products

Name
Linux Kernel

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96189"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-8636",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8636"
    }
  },
  "description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel\u5b58\u5728\u672c\u5730\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "eyalitkin",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-01990",
  "openTime": "2017-02-25",
  "patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux Kernel\u5b58\u5728\u672c\u5730\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u5931\u8d25\u7684\u653b\u51fb\u4f1a\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Linux Kernel \u0027drivers/infiniband/sw/rxe/rxe_mr.c\u0027\u672c\u5730\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Linux Kernel"
  },
  "referenceLink": "http://www.securityfocus.com/bid/96189",
  "serverity": "\u9ad8",
  "submitTime": "2017-02-17",
  "title": "Linux Kernel \u0027drivers/infiniband/sw/rxe/rxe_mr.c\u0027\u672c\u5730\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2016-8636

Vulnerability from fstec - Published: 08.02.2017

Title

Уязвимость функции mem_check_range (drivers/infiniband/sw/rxe/rxe_mr.c) ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании

Description

Уязвимость функции mem_check_range (drivers/infiniband/sw/rxe/rxe_mr.c) ядра операционной системы Linux вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании при помощи запросов на запись и чтение с использованием технологии «RDMA protocol over InfiniBand»

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Сообщество свободного программного обеспечения

Software Name

Linux

Software Version

от 4.8 до 4.9.9 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10

Reference

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10 http://www.openwall.com/lists/oss-security/2017/02/11/9 http://www.securityfocus.com/bid/96189 http://www.ubuntu.com/usn/usn-3361-1 https://bugzilla.redhat.com/show_bug.cgi?id=1421981 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8636 https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/ https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10 https://ubuntu.com/security/notices/USN-3361-1 https://usn.ubuntu.com/usn/usn-3361-1 https://www.cve.org/CVERecord?id=CVE-2016-8636

CWE

CWE-190

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 4.8 \u0434\u043e 4.9.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66\nhttp://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.02.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "03.12.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "16.03.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-00378",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-8636",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mem_check_range (drivers/infiniband/sw/rxe/rxe_mr.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 mem_check_range (drivers/infiniband/sw/rxe/rxe_mr.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 \u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432 \u043d\u0430 \u0437\u0430\u043f\u0438\u0441\u044c \u0438 \u0447\u0442\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0438 \u00abRDMA protocol over InfiniBand\u00bb",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66\nhttp://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10\nhttp://www.openwall.com/lists/oss-security/2017/02/11/9\nhttp://www.securityfocus.com/bid/96189\nhttp://www.ubuntu.com/usn/usn-3361-1\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1421981\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8636\nhttps://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/\nhttps://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10\nhttps://ubuntu.com/security/notices/USN-3361-1\nhttps://usn.ubuntu.com/usn/usn-3361-1\nhttps://www.cve.org/CVERecord?id=CVE-2016-8636",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u041d\u0435\u0442 \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 4.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 0)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-8636 (GCVE-0-2016-8636)

CERTFR-2017-AVI-233

Solution

CERTFR-2019-AVI-233

Solution

GHSA-VV9C-R5JJ-58F9

GSD-2016-8636

FKIE_CVE-2016-8636

CNVD-2017-01990

CVE-2016-8636

Tags

Sightings

Nomenclature