CVE-2016-4581NULL Pointer Dereference in Kernel

CWE-476NULL Pointer Dereference17 documents8 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 91.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelCanonical Ubuntu LinuxOracle Linux
Timeline
PublishedMay 23
Latest updateMay 13

Description

fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianlinux/linux_kernel< 4.5.4-1+3

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

3
GHSA
GHSA-m632-mj54-c945: fs/pnode2022-05-13
OSV
CVE-2016-4581: fs/pnode2016-05-23
CVEList
CVE-2016-4581: fs/pnode2016-05-23

📋Vendor Advisories

12
Ubuntu
Linux kernel vulnerabilities2016-06-10
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities2016-06-10
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities2016-06-10
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities2016-06-10
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities2016-06-10

💬Community

1
Bugzilla
CVE-2016-4581 kernel: Slave being first propagated copy causes oops in propagate_mnt2016-05-06
CVE-2016-4581 — NULL Pointer Dereference in Kernel | cvebase