{ "threat_severity" : "Important", "public_date" : "2016-04-28T00:00:00Z", "bugzilla" : { "description" : "kernel: bpf: refcnt overflow", "id" : "1334303", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1334303" }, "cvss" : { "cvss_base_score" : "7.2", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status" : "draft" }, "cwe" : "CWE-122", "details" : [ "The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.", "A flaw was found in the Linux kernel's implementation of BPF in which systems can application can overflow a 32 bit refcount in both program and map refcount. This refcount can wrap and end up a user after free." ], "statement" : "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, 7 and Red Hat Enterprise MRG 2.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "realtime-kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-4558\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4558" ], "name" : "CVE-2016-4558", "csaw" : false }