CVE-2016-0723

Impact:
Moderate
Public Date:
2015-11-27
CWE:
CWE-416
Bugzilla:
1296253: CVE-2016-0723 kernel: Kernel memory disclosure and crash in tty layer
A use-after-free flaw was discovered in the Linux kernel's tty subsystem, which allows for the disclosure of uncontrolled memory location and possible kernel panic. The information leak is caused by a race condition when attempting to set and read the tty line discipline. A local attacker could use the TIOCSETD (via tty_set_ldisc ) to switch to a new line discipline; a concurrent call to a TIOCGETD ioctl performing a read on a given tty could then access previously allocated memory. Up to 4 bytes could be leaked when querying the line discipline or the kernel could panic with a NULL-pointer dereference.

Find out more about CVE-2016-0723 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue affects kernels in Red Hat Enterprise Linux 5, 6 and 7. This has been rated as having Moderate security impact and is not currently
planned to be addressed in future updates. For additional information, refer
to the Red Hat Enterprise Linux Life Cycle:
https://access.redhat.com/support/policy/updates/errata/.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 5.6
Base Metrics AV:L/AC:L/Au:N/C:P/I:N/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Will not fix
Red Hat Enterprise Linux 7 kernel-rt Will not fix
Red Hat Enterprise Linux 7 kernel Will not fix
Red Hat Enterprise Linux 6 kernel Will not fix
Red Hat Enterprise Linux 5 kernel Will not fix

Acknowledgements

This issue was discovered by Milos Vyletel of Red Hat.
Last Modified