Vulnerability Description
An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
CVSS Score
7.0
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 4.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackwar
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c2PatchVendor Advisory
- https://seclists.org/bugtraq/2019/Nov/11
- https://support.f5.com/csp/article/K01993501?utm_source=f5support&%3Butm_medi
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackwar
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c2PatchVendor Advisory
- https://seclists.org/bugtraq/2019/Nov/11
- https://support.f5.com/csp/article/K01993501?utm_source=f5support&%3Butm_medi
- https://usn.ubuntu.com/4163-1/
- https://usn.ubuntu.com/4163-2/
FAQ
What is CVE-2016-10906?
CVE-2016-10906 is a vulnerability with a CVSS score of 7.0 (HIGH). An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.
How severe is CVE-2016-10906?
CVE-2016-10906 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10906?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.