CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
debian	linux	< linux 4.5.2-1 (bookworm)	linux 4.5.2-1 (bookworm)
google	android	—	—
linux	linux_kernel	>= 0 < 4.5.2-1	4.5.2-1
linux	linux_kernel	>= 0 < 4.5.2-1	4.5.2-1
linux	linux_kernel	>= 0 < 4.5.2-1	4.5.2-1
linux	linux_kernel	>= 0 < 4.5.2-1	4.5.2-1
linux	linux_kernel	>= 2.6.30 < 3.2.80	3.2.80
linux	linux_kernel	>= 3.11 < 3.12.59	3.12.59
linux	linux_kernel	>= 3.13 < 3.14.67	3.14.67
linux	linux_kernel	>= 3.15 < 3.16.35	3.16.35
linux	linux_kernel	>= 3.17 < 3.18.37	3.18.37
linux	linux_kernel	>= 3.19 < 4.1.28	4.1.28
linux	linux_kernel	>= 3.3 < 3.10.102	3.10.102
linux	linux_kernel	>= 4.2 < 4.4.8	4.4.8
linux	linux_kernel	>= 4.5 < 4.5.2	4.5.2
novell	opensuse_leap	—	—
novell	suse_linux_enterprise_desktop	—	—
novell	suse_linux_enterprise_live_patching	—	—
novell	suse_linux_enterprise_module_for_public_cloud	—	—
novell	suse_linux_enterprise_real_time_extension	—	—
novell	suse_linux_enterprise_real_time_extension	—	—
novell	suse_linux_enterprise_server	—	—
novell	suse_linux_enterprise_server	—	—
novell	suse_linux_enterprise_software_development_kit	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.8HIGH