Vulnerability Description
The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Linux | Linux Kernel | <= 4.3.6 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=42cb14Issue TrackingPatch
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.debian.org/security/2016/dsa-3607
- http://www.securityfocus.com/bid/90518
- http://www.ubuntu.com/usn/USN-3034-1
- http://www.ubuntu.com/usn/USN-3034-2
- http://www.ubuntu.com/usn/USN-3035-1
- http://www.ubuntu.com/usn/USN-3035-2
- http://www.ubuntu.com/usn/USN-3035-3
- http://www.ubuntu.com/usn/USN-3036-1
- http://www.ubuntu.com/usn/USN-3037-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1308846Issue Tracking
- https://github.com/torvalds/linux/commit/42cb14b110a5698ccf26ce59c4441722605a374Issue TrackingPatch
- https://security-tracker.debian.org/tracker/CVE-2016-3070Third Party Advisory
FAQ
What is CVE-2016-3070?
CVE-2016-3070 is a vulnerability with a CVSS score of 7.8 (HIGH). The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of s...
How severe is CVE-2016-3070?
CVE-2016-3070 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3070?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Linux Linux Kernel.