CVE-2016-10154 — MEDIUM (5.5)

Vulnerability Description

The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	4.9

Related Weaknesses (CWE)

CWE-119

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeeIssue TrackingPatchThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1Release NotesVendor Advisory
http://www.openwall.com/lists/oss-security/2017/01/21/3Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/95714Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1416104Issue TrackingPatch
https://github.com/torvalds/linux/commit/06deeec77a5a689cc94b21a8a91a76e42176685Issue TrackingPatchThird Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeeIssue TrackingPatchThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1Release NotesVendor Advisory
http://www.openwall.com/lists/oss-security/2017/01/21/3Mailing ListPatchThird Party Advisory
http://www.securityfocus.com/bid/95714Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1416104Issue TrackingPatch
https://github.com/torvalds/linux/commit/06deeec77a5a689cc94b21a8a91a76e42176685Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2016-10154?

CVE-2016-10154 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (syst...

How severe is CVE-2016-10154?

CVE-2016-10154 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-10154?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.