Bug 1377330 (CVE-2016-7425)
| Summary: | CVE-2016-7425 kernel: SCSI arcmsr driver: Buffer overflow in arcmsr_iop_message_xfer() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | agordeev, aquini, arm-mgr, bhu, dhoward, esammons, fhrbata, gansalmon, iboverma, ichavero, itamar, jforbes, jkacur, joelsmith, jonathan, jross, jwboyer, kernel-maint, kernel-mgr, labbott, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, nmurray, plougher, rt-maint, rvrbovsk, slawomir, vdronov, williams |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
A heap-buffer overflow vulnerability was found in the arcmsr_iop_message_xfer() function in 'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux kernel through 4.8.2. The function does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can potentially cause kernel heap corruption and arbitrary kernel code execution.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-10-25 13:40:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1377331, 1381976, 1381977, 1381978, 1381979, 1381980, 1381982, 1381983, 1381984 | ||
| Bug Blocks: | 1377333 | ||
|
Description
Andrej Nemec
2016-09-19 12:59:59 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1377331] kernel-4.7.5-200.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-7179af3ac1 kernel-4.7.5-100.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-58eda97f25 kernel-4.7.5-200.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. kernel-4.7.5-100.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. 6, 7 and Red Hat Enterprise MRG-2 as only the privileged user can exploit the flaw. |