Vulnerability & Exploit Database

Displaying all 6 entries

Results for: CVE-2016-4557 Back to search

SUSE: CVE-2016-4557: SUSE Linux Security Advisory Vulnerability

  • Severity: 7
  • Published: May 23, 2016

The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.

Amazon Linux AMI: CVE-2016-4557: Security patch for kernel (ALAS-2016-703) Vulnerability

  • Severity: 7
  • Published: May 18, 2016

The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.

Linux BPF doubleput UAF Privilege Escalation Exploit

Disclosed: May 04, 2016

Linux kernel 4.4 < 4.5.5 extended Berkeley Packet Filter (eBPF) does not properly reference count file descriptors, resulting in a use-after-free, which can be abused to escalate privileges. The target system must be compiled with `CONFIG_BPF_SYSCALL` and must not have `kernel.unprivileged_bpf_disabled` set to 1....

Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5 Vulnerability

  • Severity: 1
  • Published: March 15, 2007

This is a placeholder for all CVEs that are not relevant for one reason or another on Red Hat Enterprise Linux 5. Oftentimes Red Hat makes this determination because the affected software was shipped, built or configured in a manner that it made it invulnerable to a given vulnerability.

Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 4 Vulnerability

  • Severity: 1
  • Published: February 14, 2005

This is a placeholder for all CVEs that are not relevant for one reason or another on Red Hat Enterprise Linux 4. Oftentimes Red Hat makes this determination because the affected software was shipped, built or configured in a manner that it made it invulnerable to a given vulnerability.