CVE-2016-6187

The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a46a4647fd1df9cf52e43bf467f0d9265096ca	Issue Tracking Patch
http://marc.info/?l=linux-kernel&m=146793642811929&w=2	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.5	Release Notes
http://www.openwall.com/lists/oss-security/2016/07/09/2	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/91696	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1354383	Issue Tracking
https://github.com/torvalds/linux/commit/30a46a4647fd1df9cf52e43bf467f0d9265096ca	Issue Tracking Patch

Configurations

Configuration 1 (hide)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

17 Jan 2023, 21:15

Type	Values Removed	Values Added
References	~~(BID) http://www.securityfocus.com/bid/91696 -~~	(BID) http://www.securityfocus.com/bid/91696 - Third Party Advisory, VDB Entry

Information

Published : 2016-08-06 20:59

Updated : 2023-12-10 11:46

NVD link : CVE-2016-6187

Mitre link : CVE-2016-6187

CVE.ORG link : CVE-2016-6187

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2016-6187", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-08-06T20:59:10.800", "references": [{"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a46a4647fd1df9cf52e43bf467f0d9265096ca", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=linux-kernel&m=146793642811929&w=2", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.5", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/07/09/2", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/91696", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1354383", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://github.com/torvalds/linux/commit/30a46a4647fd1df9cf52e43bf467f0d9265096ca", "tags": ["Issue Tracking", "Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook."}, {"lang": "es", "value": "La funci\u00f3n apparmor_setprocattr en security/apparmor/lsm.c en el kernel de Linux en versiones anteriores a 4.6.5 no valida el tama\u00f1o de b\u00fafer, lo que permite a usuarios locales obtener privilegios desencadenando un gancho AppArmor setprocattr."}], "lastModified": "2023-01-17T21:15:40.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C4D37E6-8AC8-49A3-8C2F-A9FB2A4F7102", "versionEndExcluding": "4.6.5", "versionStartIncluding": "4.5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}