vulnerability
Ubuntu: (Multiple Advisories) (CVE-2016-7097): Linux kernel vulnerabilities
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:L/Au:N/C:P/I:P/A:N) | Oct 16, 2016 | Dec 1, 2016 | Apr 14, 2025 |
Description
It was discovered that the __get_user_asm_ex implementation in the Linux
kernel for x86/x86_64 contained extended asm statements that were
incompatible with the exception table. A local attacker could use this to
gain administrative privileges. (CVE-2016-9644)
Andreas Gruenbacher and Jan Kara discovered that the filesystem
implementation in the Linux kernel did not clear the setgid bit during a
setxattr call. A local attacker could use this to possibly elevate group
privileges. (CVE-2016-7097)
Marco Grassi discovered that the driver for Areca RAID Controllers in the
Linux kernel did not properly validate control messages. A local attacker
could use this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-7425)
Daxing Guo discovered a stack-based buffer overflow in the Broadcom
IEEE802.11n FullMAC driver in the Linux kernel. A local attacker could use
this to cause a denial of service (system crash) or possibly gain
privileges. (CVE-2016-8658)
Solution(s)
References
- CVE-2016-7097
- https://attackerkb.com/topics/CVE-2016-7097
- DEBIAN-DLA-772-1
- NVD-CVE-2016-7097
- UBUNTU-USN-3146-1
- UBUNTU-USN-3146-2
- UBUNTU-USN-3147-1
- UBUNTU-USN-3161-3
- UBUNTU-USN-3161-4
- UBUNTU-USN-3162-2
- UBUNTU-USN-3208-1
- UBUNTU-USN-3208-2
- UBUNTU-USN-3265-1
- UBUNTU-USN-3265-2
- UBUNTU-USN-3291-1
- UBUNTU-USN-3291-2
- UBUNTU-USN-3291-3
- UBUNTU-USN-3293-1
- UBUNTU-USN-3312-1
- UBUNTU-USN-3312-2
- UBUNTU-USN-3314-1
- UBUNTU-USN-3361-1
- UBUNTU-USN-3405-1
- UBUNTU-USN-3405-2
- UBUNTU-USN-3419-1
- UBUNTU-USN-3419-2
- UBUNTU-USN-3420-1
- UBUNTU-USN-3420-2
- UBUNTU-USN-3422-1
- UBUNTU-USN-3422-2
- UBUNTU-USN-3423-1

Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.