CVE-2016-7042

{"id": "CVE-2016-7042", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2016-10-16T21:59:10.160", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0817.html", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2016/10/13/5", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/93544", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:1842", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2077", "source": "cve@mitre.org"}, {"url": "https://access.redhat.com/errata/RHSA-2017:2669", "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1373966", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://source.android.com/security/bulletin/2017-01-01.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file."}, {"lang": "es", "value": "La funci\u00f3n proc_keys_show en security/keys/proc.c en el kernel de Linux hasta la versi\u00f3n 4.8.2, cuando el protector de pila GNU Compiler Collection (gcc) est\u00e1 habilitado, utiliza un tama\u00f1o de b\u00fafer incorrecto para ciertos datos de tiempo de espera, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la memoria de pila y p\u00e1nico) leyendo el archivo /proc/keys."}], "lastModified": "2018-01-05T02:31:10.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2B9219B-3507-4C0A-90B0-3A53254FDCD0", "versionEndIncluding": "4.8.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}