CVE-2016-7916 — MEDIUM (5.5)

Q: How severe is CVE-2016-7916?

CVE-2016-7916 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-7916?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 4.5.3

Related Weaknesses (CWE)

CWE-362

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a7Issue TrackingPatchThird Party Advisory
http://source.android.com/security/bulletin/2016-11-01.htmlThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4Release NotesVendor Advisory
http://www.securityfocus.com/bid/94138Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-3159-1
http://www.ubuntu.com/usn/USN-3159-2
https://bugzilla.kernel.org/show_bug.cgi?id=116461Issue Tracking
https://forums.grsecurity.net/viewtopic.php?f=3&t=4363Issue Tracking
https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43bIssue TrackingPatchThird Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a7Issue TrackingPatchThird Party Advisory
http://source.android.com/security/bulletin/2016-11-01.htmlThird Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4Release NotesVendor Advisory
http://www.securityfocus.com/bid/94138Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-3159-1
http://www.ubuntu.com/usn/USN-3159-2

FAQ

What is CVE-2016-7916?

CVE-2016-7916 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file d...

How severe is CVE-2016-7916?

CVE-2016-7916 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-7916?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.