{ "id": "CVE-2016-9754", "sourceIdentifier": "security@android.com", "published": "2017-01-05T11:59:00.193", "lastModified": "2023-01-17T21:05:25.067", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file." }, { "lang": "es", "value": "La funci\u00f3n ring_buffer_resize en kernel/trace/ring_buffer.c en el subsistema de creaci\u00f3n de perfiles del kernel de Linux en versiones anteriores a 4.6.1 no maneja adecuadamente ciertos c\u00e1lculos de entero, lo que permite a usuarios locales obtener privilegios escribiendo en el archivo /sys/kernel/debug/tracing/buffer_size_kb." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-190" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.5", "versionEndExcluding": "3.10.102", "matchCriteriaId": "7B7694A6-D37E-46B2-91D2-C02D1E1D92FB" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.11", "versionEndExcluding": "3.12.61", "matchCriteriaId": "1DE29121-4AF5-432B-834F-340E88D3467D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.13", "versionEndExcluding": "3.14.71", "matchCriteriaId": "67E46C10-5C97-4519-B660-433ED4B105F5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "3.16.37", "matchCriteriaId": "7DEF7E2D-A1AA-4733-A573-11EE52A2B419" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.17", "versionEndExcluding": "3.18.35", "matchCriteriaId": "0B4D585F-6BD3-46AB-8FD1-CC66EC1518AD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.19", "versionEndExcluding": "4.1.26", "matchCriteriaId": "D6ED15B4-3B4F-4D72-A3DD-F61E2E8B2400" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.2", "versionEndExcluding": "4.4.12", "matchCriteriaId": "74710E0F-33B0-4DE1-9EAA-BF090FD39706" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.5", "versionEndExcluding": "4.5.6", "matchCriteriaId": "C60F583A-70FF-49D0-B1E7-27AF98A60A2F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*", "matchCriteriaId": "273E9BE2-7913-4FA4-9E2E-41AF562FA7B1" } ] } ] } ], "references": [ { "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6", "source": "security@android.com", "tags": [ "Exploit", "Patch", "Vendor Advisory" ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.1", "source": "security@android.com", "tags": [ "Release Notes" ] }, { "url": "http://www.securityfocus.com/bid/95278", "source": "security@android.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://github.com/torvalds/linux/commit/59643d1535eb220668692a5359de22545af579f6", "source": "security@android.com", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "https://source.android.com/security/bulletin/2017-01-01.html", "source": "security@android.com", "tags": [ "Third Party Advisory" ] } ] }