CVE-2016-6136 (NVD)

2016-08-06

Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a "double fetch" vulnerability.

Products Linux_kernel
Type Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (CWE-362)
First patch https://github.com/torvalds/linux/commit/43761473c254b45883a64441dd0bc85a42f3645c
Relevant file/s ./kernel/auditsc.c (modified, +164, -168)
Links http://www.securityfocus.com/bid/91558
https://bugzilla.redhat.com/show_bug.cgi?id=1353533
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c
http://www.securityfocus.com/archive/1/538835/30/0/threaded
https://bugzilla.kernel.org/show_bug.cgi?id=120681

linux - Tree: 43761473c2

(? files)

Filter Settings
Files
Navigation
Patch data:

(on by default)

Patched area: