Use-after-free Vulnerability in Linux Kernel Network Drivers
CVE-2016-4805

7.8HIGH

Key Information:

Vendor

Novell
Status
Suse Linux Enterprise Desktop
Vendor
CVE Published:
23 May 2016

What is CVE-2016-4805?

A use-after-free vulnerability exists in the network drivers of the Linux kernel, specifically in the ppp_generic.c file. This flaw allows local users to trigger a denial of service by removing a network namespace, which may result in memory corruption or system crashes. The vulnerability pertains to the ppp_register_net_channel and ppp_unregister_channel functions, making systems running affected versions susceptible to unpredictable behaviors affecting network stability.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://www.oracle.com/technetwork/topics/security/linuxbu...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.