{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-31T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-19T17:06:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723"}, {"name": "USN-2930-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2930-1"}, {"name": "USN-2967-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253"}, {"name": "USN-2930-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2930-2"}, {"name": "DSA-3503", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3503"}, {"name": "USN-2967-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"name": "SUSE-SU-2016:1764", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439"}, {"name": "USN-2930-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2930-3"}, {"name": "SUSE-SU-2016:1102", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.android.com/security/bulletin/2016-07-01.html"}, {"name": "USN-2929-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2929-1"}, {"name": "USN-2932-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2932-1"}, {"name": "82950", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/82950"}, {"name": "FEDORA-2016-5d43766e33", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"}, {"name": "SUSE-SU-2016:2074", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"}, {"name": "1035695", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035695"}, {"name": "USN-2948-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2948-1"}, {"name": "DSA-3448", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3448"}, {"name": "openSUSE-SU-2016:1008", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"}, {"name": "USN-2929-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2929-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439"}, {"name": "USN-2948-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2948-2"}, {"name": "FEDORA-2016-2f25d12c51", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html"}, {"name": "SUSE-SU-2016:0911", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K43650115"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:03.991Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723"}, {"name": "USN-2930-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2930-1"}, {"name": "USN-2967-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253"}, {"name": "USN-2930-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2930-2"}, {"name": "DSA-3503", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3503"}, {"name": "USN-2967-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"name": "SUSE-SU-2016:1764", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439"}, {"name": "USN-2930-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2930-3"}, {"name": "SUSE-SU-2016:1102", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.android.com/security/bulletin/2016-07-01.html"}, {"name": "USN-2929-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2929-1"}, {"name": "USN-2932-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2932-1"}, {"name": "82950", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/82950"}, {"name": "FEDORA-2016-5d43766e33", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"}, {"name": "SUSE-SU-2016:2074", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"}, {"name": "1035695", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035695"}, {"name": "USN-2948-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2948-1"}, {"name": "DSA-3448", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3448"}, {"name": "openSUSE-SU-2016:1008", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"}, {"name": "USN-2929-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2929-2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439"}, {"name": "USN-2948-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2948-2"}, {"name": "FEDORA-2016-2f25d12c51", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html"}, {"name": "SUSE-SU-2016:0911", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K43650115"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0723", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:03.991Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDD97C46-E284-47DB-B96A-3B8D5013F2F7", "versionEndIncluding": "4.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n tty_ioctl en drivers/tty/tty_io.c en el kernel de Linux hasta la versi\u00f3n 4.4.1 permite a usuarios locales obtener informaci\u00f3n sensible de la memoria del kernel o provocar una denegaci\u00f3n de servicio (uso despu\u00e9s de liberaci\u00f3n y ca\u00edda de aplicaci\u00f3n) al hacer una llamada ioctl TIOCGETD ioctl durante el procesamiento de una llamada ioctl TIOCSETD."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "id": "CVE-2016-0723", "lastModified": "2016-12-06T03:05:32.453", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.5, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-08T03:59:09.840", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176464.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"}, {"source": "secalert@redhat.com", "url": "http://source.android.com/security/bulletin/2016-07-01.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2016/dsa-3448"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2016/dsa-3503"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/82950"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1035695"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2929-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2929-2"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2930-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2930-2"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2930-3"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2932-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2948-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2948-2"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253"}, {"source": "secalert@redhat.com", "url": "https://github.com/torvalds/linux/commit/5c17c861a357e9458001f021a7afa7aab9937439"}, {"source": "secalert@redhat.com", "url": "https://security-tracker.debian.org/tracker/CVE-2016-0723"}, {"source": "secalert@redhat.com", "url": "https://support.f5.com/csp/article/K43650115"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-362"}, {"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Milos Vyletel (Red Hat).", "bugzilla": {"description": "kernel: Kernel memory disclosure and crash in tty layer", "id": "1296253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296253"}, "csaw": false, "cvss": {"cvss_base_score": "5.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:C", "status": "draft"}, "cwe": "CWE-416", "details": ["Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free and system crash) by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl call.", "A use-after-free flaw was discovered in the Linux kernel's tty subsystem, which allows for the disclosure of uncontrolled memory location and possible kernel panic. The information leak is caused by a race condition when attempting to set and read the tty line discipline. A local attacker could use the TIOCSETD (via tty_set_ldisc) to switch to a new line discipline; a concurrent call to a TIOCGETD ioctl performing a read on a given tty could then access previously allocated memory. Up to 4 bytes could be leaked when querying the line discipline or the kernel could panic with a NULL-pointer dereference."], "name": "CVE-2016-0723", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2015-11-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0723\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0723"], "statement": "This issue affects kernels in Red Hat Enterprise Linux 5, 6 and 7. This has been rated as having Moderate security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}