[kernel-sec-discuss] r4721 - active
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Thu Nov 17 14:05:22 UTC 2016
Author: jmm
Date: 2016-11-17 14:05:22 +0000 (Thu, 17 Nov 2016)
New Revision: 4721
Added:
active/CVE-2016-7916
Log:
new proc issue
Added: active/CVE-2016-7916
===================================================================
--- active/CVE-2016-7916 (rev 0)
+++ active/CVE-2016-7916 2016-11-17 14:05:22 UTC (rev 4721)
@@ -0,0 +1,17 @@
+Description:
+ Race condition in the environ_read function in fs/proc/base.c in the Linux kernel
+ before 4.5.4 allows local users to obtain sensitive information from kernel memory
+ by reading a /proc/*/environ file during a process-setup time interval in which
+ environment-variable copying is incomplete.
+References:
+ http://source.android.com/security/bulletin/2016-11-01.html
+ https://bugzilla.kernel.org/show_bug.cgi?id=116461
+ https://forums.grsecurity.net/viewtopic.php?f=3&t=4363
+Notes:
+Bugs:
+upstream: released (4.6) [8148a73c9901a8794a50f950083c00ccf97d43b3]
+3.16-upstream-stable:
+3.2-upstream-stable:
+sid: released (4.5.4-1)
+3.16-jessie-security:
+3.2-wheezy-security:
More information about the kernel-sec-discuss
mailing list