CVE-2016-9644

HIGH7.8

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess

Published Nov 28, 2016

Modified 1 years ago

No fix available

Details

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.

References

WEBhttp://www.openwall.com/lists/oss-security/2016/11/07/4 WEBhttp://www.securityfocus.com/bid/94545 ADVISORYhttp://www.ubuntu.com/usn/USN-3146-1 ADVISORYhttp://www.ubuntu.com/usn/USN-3146-2 WEBhttps://lwn.net/Articles/705220/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2016-9644

CVSS Analysis

CVSS v3.0

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

RequiredUI:R

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedNov 28, 2016

ModifiedAug 6, 2024