vulnerability
Oracle Linux: (CVE-2016-9644) (Multiple Advisories): Unbreakable Enterprise kernel security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | 2016-11-27 | 2017-04-04 | 2024-08-06 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
2016-11-27
Added
2017-04-04
Modified
2024-08-06
Description
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.
Solution(s)
oracle-linux-upgrade-dtrace-modulesoracle-linux-upgrade-dtrace-modules-provider-headersoracle-linux-upgrade-dtrace-modules-shared-headersoracle-linux-upgrade-kernel-uekoracle-linux-upgrade-kernel-uek-debugoracle-linux-upgrade-kernel-uek-debug-develoracle-linux-upgrade-kernel-uek-develoracle-linux-upgrade-kernel-uek-docoracle-linux-upgrade-kernel-uek-firmware
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.