CVE-2016-6136

CVSS v3.0 4.7 (Medium)

CVSS v2.0 1.9 (Low)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 19

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

Weaknesses

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2016-08-06 20:59:06
(8 years ago)
Updated Date: 2018-01-05 02:31:04
(6 years ago)

Affected Products

Linux

Linux Kernel

Configuration #1

		CPE23	From	Up To
	Linux Kernel 4.7 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 4.7