CVE-2016-6197

Description

fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.06%• Percentile: 18%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• linux•linux_kernel

  ≤ 4.5.7

• oracle•linux

  6

• oracle•vm_server

  3.4

References (14)

• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.ubuntu.com/usn/USN-3070-1
• https://bugzilla.redhat.com/show_bug.cgi?id=1355650
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=11f3710417d026ea2f4fcf362d866342c5274185
• http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
• http://rhn.redhat.com/errata/RHSA-2016-1847.html
• http://www.securityfocus.com/bid/91709
• http://rhn.redhat.com/errata/RHSA-2016-1875.html
• http://www.ubuntu.com/usn/USN-3070-3
• http://www.securitytracker.com/id/1036273
• http://www.ubuntu.com/usn/USN-3070-2
• https://github.com/torvalds/linux/commit/11f3710417d026ea2f4fcf362d866342c5274185
• http://www.openwall.com/lists/oss-security/2016/07/11/8
• http://www.ubuntu.com/usn/USN-3070-4