CVE-2016-4913

CVSS v3.1 7.8 (High)
CVSS v2.0 7.2 (High)
EPSS 0.04 % (11th)
Affected Products 6
Advisories 26

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
Debian GNU/Linux
Published Date
2016-05-23 10:59:14
(8 years ago)
Updated Date
2023-09-12 14:45:07
(12 months ago)

Affected Products

Configuration #1

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts
  Canonical Ubuntu Linux 15.10 cpe:2.3:o:canonical:ubuntu_linux:15.10
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts

Configuration #2

    CPE23 From Up To
  Linux Kernel before version 3.2.81 cpe:2.3:o:linux:linux_kernel < 3.2.81
  Linux Kernel from version 3.3 and before version 3.10.102 cpe:2.3:o:linux:linux_kernel >= 3.3 < 3.10.102
  Linux Kernel from version 3.11 and before version 3.12.60 cpe:2.3:o:linux:linux_kernel >= 3.11 < 3.12.60
  Linux Kernel from version 3.13 and before version 3.14.70 cpe:2.3:o:linux:linux_kernel >= 3.13 < 3.14.70
  Linux Kernel from version 3.15 and before version 3.16.36 cpe:2.3:o:linux:linux_kernel >= 3.15 < 3.16.36
  Linux Kernel from version 3.17 and before version 3.18.34 cpe:2.3:o:linux:linux_kernel >= 3.17 < 3.18.34
  Linux Kernel from version 3.19 and before version 4.1.25 cpe:2.3:o:linux:linux_kernel >= 3.19 < 4.1.25
  Linux Kernel from version 4.2 and before version 4.4.11 cpe:2.3:o:linux:linux_kernel >= 4.2 < 4.4.11
  Linux Kernel from version 4.5 and before version 4.5.5 cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.5.5

Configuration #3

    CPE23 From Up To
  Oracle Linux 6 cpe:2.3:o:oracle:linux:6

Configuration #4

    CPE23 From Up To
  Novell Suse Linux Enterprise Software Development Kit 11.0 SP4 cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4
  Novell Suse Linux Enterprise Debuginfo 11.0 SP4 cpe:2.3:o:novell:suse_linux_enterprise_debuginfo:11.0:sp4
  Novell Suse Linux Enterprise Server 11.0 Extra cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:extra
  Novell Suse Linux Enterprise Server 11.0 SP4 cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4