[Forgot Password]
Login  Register Subscribe

24437

 
 

131950

 
 

117582

 
 

909

 
 

91563

 
 

143

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2016-10208Date: (C)2017-02-07   (M)2018-09-27


The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.3CVSS Score : 4.9
Exploit Score: 0.7Exploit Score: 3.9
Impact Score: 3.6Impact Score: 6.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: PHYSICALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: COMPLETE
Integrity: NONE 
Availability: HIGH 
  
Reference:
http://seclists.org/fulldisclosure/2016/Nov/75
BID-94354
RHSA-2017:1297
RHSA-2017:1298
RHSA-2017:1308
https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
http://www.openwall.com/lists/oss-security/2017/02/05/3
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe
https://bugzilla.redhat.com/show_bug.cgi?id=1395190
https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe

CPE    1
cpe:/o:linux:linux_kernel:4.9.8
CWE    1
CWE-125
OVAL    14
oval:org.secpod.oval:def:1501827
oval:org.secpod.oval:def:1501824
oval:org.secpod.oval:def:703521
oval:org.secpod.oval:def:703520
...

© SecPod Technologies