CVE-2016-9756 — MEDIUM (5.5)

Q: How severe is CVE-2016-9756?

CVE-2016-9756 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-9756?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 4.8.11

Related Weaknesses (CWE)

CWE-200

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5PatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12Release Notes
http://www.openwall.com/lists/oss-security/2016/12/01/1Mailing ListPatch
http://www.securityfocus.com/bid/94615
https://bugzilla.redhat.com/show_bug.cgi?id=1400468Issue Tracking
https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0PatchVendor Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2117d5PatchVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00000.html
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12Release Notes
http://www.openwall.com/lists/oss-security/2016/12/01/1Mailing ListPatch
http://www.securityfocus.com/bid/94615
https://bugzilla.redhat.com/show_bug.cgi?id=1400468Issue Tracking
https://github.com/torvalds/linux/commit/2117d5398c81554fbf803f5fd1dc55eb78216c0PatchVendor Advisory

FAQ

What is CVE-2016-9756?

CVE-2016-9756 is a vulnerability with a CVSS score of 5.5 (MEDIUM). arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel sta...

How severe is CVE-2016-9756?

CVE-2016-9756 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9756?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.