Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-3672

CWE-254CWE-34123 documents10 sources
Severity
7.8HIGH
EPSS
0.0%
top 91.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
9
Linux Linux KernelCanonical Ubuntu LinuxNovell Suse Linux Enterprise Desktop+6 more
Timeline
PublishedApr 27
Latest updateMay 14

Description

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages9 packages

Debianlinux< 4.5.1-1+3

Also affects: Ubuntu Linux 12.04, 14.04, 15.10

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-mr57-vcj3-9pgx: The arch_pick_mmap_layout function in arch/x86/mm/mmap2022-05-14
CVEList
CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap2016-04-27
OSV
CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap2016-04-27

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited2016-04-06

📋Vendor Advisories

16
Android
CVE-2016-3672: Android Security Bulletin 2016-08-01 CVE: CVE-2016-3672 Severity: HIGH References: A-28763575 Upstream kernel2016-08-01
Ubuntu
Linux kernel (OMAP4) vulnerabilities2016-06-10
Ubuntu
Linux kernel vulnerabilities2016-06-10
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities2016-06-10
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities2016-06-10

💬Community

2
Bugzilla
CVE-2016-3672 kernel: unlimiting the stack disables ASLR2016-04-07
Bugzilla
CVE-2016-3672 kernel: unlimiting the stack disables ASLR [fedora-all]2016-04-07