CVE-2016-9644
CVE-2016-9644 is a vulnerability of currently unknown severity. The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. EPSS estimates a 1.45% chance of exploitation in the next 30 days.
Description
The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 4.4.22 |
| Linux | Linux Kernel | 4.4.23 |
| Linux | Linux Kernel | 4.4.24 |
| Linux | Linux Kernel | 4.4.25 |
| Linux | Linux Kernel | 4.4.26 |
| Linux | Linux Kernel | 4.4.27 |
| Linux | Linux Kernel | 4.4.28 |
References
- http://www.openwall.com/lists/oss-security/2016/11/07/4 (Mailing List, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
