Vulnerability Description
The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending each descriptor over a UNIX socket before closing it. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-4312.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 4.4.8 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3dVendor Advisory
- http://www.debian.org/security/2016/dsa-3503
- http://www.openwall.com/lists/oss-security/2016/02/23/2
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.ubuntu.com/usn/USN-2946-1
- http://www.ubuntu.com/usn/USN-2946-2
- http://www.ubuntu.com/usn/USN-2947-1
- http://www.ubuntu.com/usn/USN-2947-2
- http://www.ubuntu.com/usn/USN-2947-3
- http://www.ubuntu.com/usn/USN-2948-1
- http://www.ubuntu.com/usn/USN-2948-2
- http://www.ubuntu.com/usn/USN-2949-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1311517
- https://github.com/torvalds/linux/commit/415e3d3e90ce9e18727e8843ae343eda5a58fadPatchVendor Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=415e3dVendor Advisory
FAQ
What is CVE-2016-2550?
CVE-2016-2550 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The Linux kernel before 4.5 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by leveraging incorrect tracking of descriptor ownership and sending ...
How severe is CVE-2016-2550?
CVE-2016-2550 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2550?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.