SecurityTracker.com
Category:   OS (Linux)  >   Linux Kernel
Vendors:   kernel.org
Linux Kernel sg_write() and bsg_write() Functions Let Local Users Obtain Root Privileges
SecurityTracker Alert ID:  1037538
SecurityTracker URL:  http://securitytracker.com/id/1037538
CVE Reference:   CVE-2016-10088
Date:  Dec 31 2016
Impact:   Disclosure of system information, Execution of arbitrary code via local system, Modification of system information, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in the Linux kernel. A local user can obtain root privileges on the target system.

A local user can supply specially crafted data to the sg_write() and bsg_write() functions to read or write arbitrary kernel memory locations and gain root privileges.

Systems with the KERNEL_DS option set are affected.

The vulnerability resides in 'block/bsg.c' and 'drivers/scsi/sg.c'.

[Editor's note: This vulnerability was introduced in a fix (commit a0ac402cfcdc904f9772e1762b3fda112dcc56a0) for a separate vulnerability.]

Impact:   A local user can obtain root privileges on the target system.
Solution:   The vendor has issued a source code fix, available at:

https://github.com/torvalds/linux/commit/128394eff343fc6d2f32172f03e24829539c5835

Vendor URL:  www.kernel.org/
Cause:   Access control error

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 22 2017 (Ubuntu Issues Fix) Linux Kernel sg_write() and bsg_write() Functions Let Local Users Obtain Root Privileges
Ubuntu has issued a fix for Ubuntu Linux 16.10.
Mar 21 2017 (Red Hat Issues Fix) Linux Kernel sg_write() and bsg_write() Functions Let Local Users Obtain Root Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 6.



Copyright 2019, SecurityGlobal.net LLC