{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-29T16:57:01", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android"}, "references": [{"name": "USN-2971-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2971-2"}, {"name": "USN-2967-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"name": "USN-2970-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2970-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}, {"name": "[oss-security] 20150502 Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/05/02/6"}, {"name": "USN-2969-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2969-1"}, {"name": "USN-2967-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"name": "USN-2968-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2968-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"name": "USN-2971-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2971-3"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-2971-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2971-1"}, {"name": "USN-2968-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2968-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}, {"name": "84260", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/84260"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@android.com", "ID": "CVE-2016-0821", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2971-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2971-2"}, {"name": "USN-2967-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"name": "USN-2970-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2970-1"}, {"name": "https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}, {"name": "[oss-security] 20150502 Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/05/02/6"}, {"name": "USN-2969-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2969-1"}, {"name": "USN-2967-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"name": "USN-2968-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2968-1"}, {"name": "http://source.android.com/security/bulletin/2016-03-01.html", "refsource": "CONFIRM", "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"name": "USN-2971-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2971-3"}, {"name": "DSA-3607", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-2971-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2971-1"}, {"name": "USN-2968-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2968-2"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}, {"name": "84260", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84260"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:05.117Z"}, "title": "CVE Program Container", "references": [{"name": "USN-2971-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2971-2"}, {"name": "USN-2967-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"name": "USN-2970-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2970-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}, {"name": "[oss-security] 20150502 Re: CVE request for a fixed bug existed in all versions of linux kernel from KeenTeam", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/05/02/6"}, {"name": "USN-2969-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2969-1"}, {"name": "USN-2967-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"name": "USN-2968-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2968-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"name": "USN-2971-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2971-3"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "USN-2971-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2971-1"}, {"name": "USN-2968-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2968-2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}, {"name": "84260", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/84260"}]}]}, "cveMetadata": {"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2016-0821", "datePublished": "2016-03-12T21:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:05.117Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "24716AE4-6BBB-4E20-B9CC-8D2D43014BBD", "versionEndExcluding": "4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636."}, {"lang": "es", "value": "La funcionalidad LIST_POISON en include/linux/poison.h en el kernel de Linux en versiones anteriores a 4.3, como se utiliza en Android 6.0.1 en versiones anteriores a 2016-03-01, no considera adecuadamente la relaci\u00f3n del valor mmap_min_addr, lo que hace m\u00e1s f\u00e1cil a atacantes eludir un mecanismo de protecci\u00f3n poison-pointer desencadenando el uso de una entrada de lista no inicializada, tambi\u00e9n conocido como error interno de Android 26186802, una vulnerabilidad diferente a CVE-2015-3636."}], "id": "CVE-2016-0821", "lastModified": "2022-01-31T17:54:43.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-03-12T21:59:05.900", "references": [{"source": "security@android.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"source": "security@android.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/05/02/6"}, {"source": "security@android.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/84260"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2967-1"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2967-2"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2968-1"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2968-2"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2969-1"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2970-1"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2971-1"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2971-2"}, {"source": "security@android.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2971-3"}, {"source": "security@android.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-908"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Too big poison pointer space", "id": "1317571", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317571"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "draft"}, "details": ["The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636."], "name": "CVE-2016-0821", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2015-09-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0821\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0821"], "statement": "This issue affects versions of the kernel shipped with Red Hat Enterprise\nLinux 5, 6, 7 and MRG-2 realtime kernels.\nThis has been rated as having Moderate security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/ .", "threat_severity": "Moderate", "upstream_fix": "kernel 4.3"}