var-201604-0129
Vulnerability from variot
Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. Xen is an open source virtual machine monitor product. Xen's PV virtual machine has a security vulnerability when enabling hugetlbfs support, allowing an attacker to exploit this vulnerability to trigger an infinite loop of error pages for a denial of service attack. ========================================================================== Ubuntu Security Notice USN-3001-1 June 10, 2016
linux-lts-vivid vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description: - linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty
Details:
Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)
Jann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)
Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)
Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)
Hector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. (CVE-2016-3672)
Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)
It was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)
Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. (CVE-2016-3961)
Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)
Kangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)
Jann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)
It was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). (CVE-2016-4581)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: linux-image-3.19.0-61-generic 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-generic-lpae 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-lowlatency 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc-e500mc 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc-smp 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc64-emb 3.19.0-61.69~14.04.1 linux-image-3.19.0-61-powerpc64-smp 3.19.0-61.69~14.04.1
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.
References: http://www.ubuntu.com/usn/usn-3001-1 CVE-2015-4004, CVE-2016-1583, CVE-2016-2117, CVE-2016-2187, CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961, CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4581
Package Information: https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-61.69~14.04.1
. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.
It was discovered that the compression handling code in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel did not properly check for an integer overflow. (CVE-2014-9904)
Kirill A.
References: http://www.ubuntu.com/usn/usn-3127-1 CVE-2014-9904, CVE-2015-3288, CVE-2016-3961, CVE-2016-7042
Package Information: https://launchpad.net/ubuntu/+source/linux/3.13.0-101.148
--w/VI3ydZO+RcZ3Ux
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJYJZIfAAoJEC8Jno0AXoH0insP/jaaUxVzufGQH9ssk/AaERQY mV60G8AmRGNR7bhU6yT3d1ia/NgsB5a0aZZ/mXBM0O5bwFo2958Vc8QPrZPqMFWh aC/xgP/ahn+CMJLpGdlUSDX75QVlOwAjszKVFo4DmFGiNbOMabW55ApdI1/fYnWP qr9Ag3eJH393HSquBMha+pRJBbQ+sr1KO/WjnTsuFJy5YqU2h/g3LypM+F5AHgbr gOXkWKpWJd+v1EP/uI+/MuoNigKfOs8r00Nbv8gNN8v/txGI/kSx2fCn4/aYQIwY 6WcOeONFsiriqYfSAZRPONWeCu5Huawc1y9Zs06ksy/vvZoNH/6dSvUyE5SI+T7m clMYC54ZEwkwmIu73bi+V8Ceodl+wtDl053Ekw8DGHrSj6I5O4BYH/kn1eRBDrdm AWe9KrchnfVTIOeb0H0S8Nb1XT4TcYFhY9JaQYCGQ2VKhGudKLJnwa0Hp1/uG8lr BWK4lp7FYIZztbsVR1vgcAwLmsb9D8PGm96qvrzunw3U2aQCtWU/QGMqwcMPgnVG hWE8o/l8GvZ5Ca5hj3tuMRT0pkzsN2jJbMQaJfNRbopoqopffpccdxOBCWvBuCDN T0bHGA+OO7o0OYms1nSPE/COopTBOyYRtYLVh3XIG93pGqK6XbZT8Ze9swmrktPj i+0yvWd0c7yq7dhf1if9 =07Pv -----END PGP SIGNATURE-----
--w/VI3ydZO+RcZ3Ux--
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xen",
"scope": "lte",
"trust": 1.0,
"vendor": "xen",
"version": "4.5.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "15.10"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "xen",
"scope": "lte",
"trust": 0.8,
"vendor": "xen",
"version": "4.5.x"
},
{
"model": "pv",
"scope": null,
"trust": 0.6,
"vendor": "xen",
"version": null
},
{
"model": "xen",
"scope": "eq",
"trust": 0.6,
"vendor": "xen",
"version": "4.5.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
},
{
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:xen:xen",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "138261"
},
{
"db": "PACKETSTORM",
"id": "137419"
},
{
"db": "PACKETSTORM",
"id": "138270"
},
{
"db": "PACKETSTORM",
"id": "137416"
},
{
"db": "PACKETSTORM",
"id": "139673"
},
{
"db": "PACKETSTORM",
"id": "139678"
},
{
"db": "PACKETSTORM",
"id": "137418"
}
],
"trust": 0.7
},
"cve": "CVE-2016-3961",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-3961",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2016-02390",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2016-3961",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-3961",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-3961",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-02390",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-330",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2016-3961",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
},
{
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. Xen is an open source virtual machine monitor product. Xen\u0027s PV virtual machine has a security vulnerability when enabling hugetlbfs support, allowing an attacker to exploit this vulnerability to trigger an infinite loop of error pages for a denial of service attack. ==========================================================================\nUbuntu Security Notice USN-3001-1\nJune 10, 2016\n\nlinux-lts-vivid vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in the kernel. \n\nSoftware Description:\n- linux-lts-vivid: Linux hardware enablement kernel from Vivid for Trusty\n\nDetails:\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel\u0027s GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle\npropagated mounts correctly. A local unprivileged attacker could use this\nto cause a denial of service (system crash). (CVE-2016-4581)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n linux-image-3.19.0-61-generic 3.19.0-61.69~14.04.1\n linux-image-3.19.0-61-generic-lpae 3.19.0-61.69~14.04.1\n linux-image-3.19.0-61-lowlatency 3.19.0-61.69~14.04.1\n linux-image-3.19.0-61-powerpc-e500mc 3.19.0-61.69~14.04.1\n linux-image-3.19.0-61-powerpc-smp 3.19.0-61.69~14.04.1\n linux-image-3.19.0-61-powerpc64-emb 3.19.0-61.69~14.04.1\n linux-image-3.19.0-61-powerpc64-smp 3.19.0-61.69~14.04.1\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3001-1\n CVE-2015-4004, CVE-2016-1583, CVE-2016-2117, CVE-2016-2187,\n CVE-2016-3672, CVE-2016-3951, CVE-2016-3955, CVE-2016-3961,\n CVE-2016-4485, CVE-2016-4486, CVE-2016-4565, CVE-2016-4581\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-61.69~14.04.1\n\n\n. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu\n12.04 LTS. \n\nIt was discovered that the compression handling code in the Advanced Linux\nSound Architecture (ALSA) subsystem in the Linux kernel did not properly\ncheck for an integer overflow. (CVE-2014-9904)\n\nKirill A. \n\nReferences:\n http://www.ubuntu.com/usn/usn-3127-1\n CVE-2014-9904, CVE-2015-3288, CVE-2016-3961, CVE-2016-7042\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/linux/3.13.0-101.148\n\n\n--w/VI3ydZO+RcZ3Ux\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJYJZIfAAoJEC8Jno0AXoH0insP/jaaUxVzufGQH9ssk/AaERQY\nmV60G8AmRGNR7bhU6yT3d1ia/NgsB5a0aZZ/mXBM0O5bwFo2958Vc8QPrZPqMFWh\naC/xgP/ahn+CMJLpGdlUSDX75QVlOwAjszKVFo4DmFGiNbOMabW55ApdI1/fYnWP\nqr9Ag3eJH393HSquBMha+pRJBbQ+sr1KO/WjnTsuFJy5YqU2h/g3LypM+F5AHgbr\ngOXkWKpWJd+v1EP/uI+/MuoNigKfOs8r00Nbv8gNN8v/txGI/kSx2fCn4/aYQIwY\n6WcOeONFsiriqYfSAZRPONWeCu5Huawc1y9Zs06ksy/vvZoNH/6dSvUyE5SI+T7m\nclMYC54ZEwkwmIu73bi+V8Ceodl+wtDl053Ekw8DGHrSj6I5O4BYH/kn1eRBDrdm\nAWe9KrchnfVTIOeb0H0S8Nb1XT4TcYFhY9JaQYCGQ2VKhGudKLJnwa0Hp1/uG8lr\nBWK4lp7FYIZztbsVR1vgcAwLmsb9D8PGm96qvrzunw3U2aQCtWU/QGMqwcMPgnVG\nhWE8o/l8GvZ5Ca5hj3tuMRT0pkzsN2jJbMQaJfNRbopoqopffpccdxOBCWvBuCDN\nT0bHGA+OO7o0OYms1nSPE/COopTBOyYRtYLVh3XIG93pGqK6XbZT8Ze9swmrktPj\ni+0yvWd0c7yq7dhf1if9\n=07Pv\n-----END PGP SIGNATURE-----\n\n--w/VI3ydZO+RcZ3Ux--\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"db": "PACKETSTORM",
"id": "138261"
},
{
"db": "PACKETSTORM",
"id": "137419"
},
{
"db": "PACKETSTORM",
"id": "138270"
},
{
"db": "PACKETSTORM",
"id": "137416"
},
{
"db": "PACKETSTORM",
"id": "139673"
},
{
"db": "PACKETSTORM",
"id": "139678"
},
{
"db": "PACKETSTORM",
"id": "137418"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-3961",
"trust": 3.8
},
{
"db": "SECTRACK",
"id": "1035569",
"trust": 1.7
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/04/14/2",
"trust": 1.2
},
{
"db": "BID",
"id": "86068",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-02390",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-3961",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138261",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137419",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "138270",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137416",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139673",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139678",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "137418",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "PACKETSTORM",
"id": "138261"
},
{
"db": "PACKETSTORM",
"id": "137419"
},
{
"db": "PACKETSTORM",
"id": "138270"
},
{
"db": "PACKETSTORM",
"id": "137416"
},
{
"db": "PACKETSTORM",
"id": "139673"
},
{
"db": "PACKETSTORM",
"id": "139678"
},
{
"db": "PACKETSTORM",
"id": "137418"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
},
{
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"id": "VAR-201604-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
}
]
},
"last_update_date": "2024-09-19T21:37:48.577000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "xsa174.patch",
"trust": 0.8,
"url": "http://xenbits.xen.org/xsa/xsa174.patch"
},
{
"title": "XSA-174",
"trust": 0.8,
"url": "http://xenbits.xen.org/xsa/advisory-174.html"
},
{
"title": "Patch for XenPV Virtual Machine Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/74420"
},
{
"title": "Xen and Linux kernel Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60973"
},
{
"title": "Red Hat: CVE-2016-3961",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-3961"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3127-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-trusty vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3127-2"
},
{
"title": "Ubuntu Security Notice: linux-ti-omap4 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3050-1"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3049-1"
},
{
"title": "Brocade Security Advisories: BSA-2017-204",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=426d0c0eff7642baadbe130aeadad5b8"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3006-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-xenial vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3005-1"
},
{
"title": "Ubuntu Security Notice: linux-raspi2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3007-1"
},
{
"title": "Ubuntu Security Notice: linux vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3003-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-vivid vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3001-1"
},
{
"title": "Ubuntu Security Notice: linux-lts-wily vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3002-1"
},
{
"title": "Ubuntu Security Notice: linux-raspi2 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3004-1"
},
{
"title": "Amazon Linux AMI: ALAS-2016-703",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-703"
},
{
"title": "Debian Security Advisories: DSA-3607-1 linux -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=130ea7817d6c997c442bd2ad39a2da75"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1035569"
},
{
"trust": 1.7,
"url": "http://xenbits.xen.org/xsa/advisory-174.html"
},
{
"trust": 1.7,
"url": "http://xenbits.xen.org/xsa/xsa174.patch"
},
{
"trust": 1.2,
"url": "http://www.openwall.com/lists/oss-security/2016/04/14/2"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3001-1"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3003-1"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3004-1"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3049-1"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3050-1"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2016/dsa-3607"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/86068"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3002-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3005-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3006-1"
},
{
"trust": 1.1,
"url": "http://www.ubuntu.com/usn/usn-3007-1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-3961"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-3961"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3961"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3955"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2117"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4486"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4565"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4581"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3672"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-4004"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4485"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1583"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-2187"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3951"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3134"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-4470"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5243"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-3127-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7042"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-9904"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3288"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2016-3961"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3961"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3127-1/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/3.2.0-107.148"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.2.0-1031.41"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-ti-omap4/3.2.0-1485.112"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-vivid/3.19.0-61.69~14.04.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-101.148~precise1"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3127-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/3.13.0-101.148"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/linux/4.2.0-38.45"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "PACKETSTORM",
"id": "138261"
},
{
"db": "PACKETSTORM",
"id": "137419"
},
{
"db": "PACKETSTORM",
"id": "138270"
},
{
"db": "PACKETSTORM",
"id": "137416"
},
{
"db": "PACKETSTORM",
"id": "139673"
},
{
"db": "PACKETSTORM",
"id": "139678"
},
{
"db": "PACKETSTORM",
"id": "137418"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
},
{
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"db": "PACKETSTORM",
"id": "138261"
},
{
"db": "PACKETSTORM",
"id": "137419"
},
{
"db": "PACKETSTORM",
"id": "138270"
},
{
"db": "PACKETSTORM",
"id": "137416"
},
{
"db": "PACKETSTORM",
"id": "139673"
},
{
"db": "PACKETSTORM",
"id": "139678"
},
{
"db": "PACKETSTORM",
"id": "137418"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
},
{
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"date": "2016-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"date": "2016-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"date": "2016-08-10T15:28:34",
"db": "PACKETSTORM",
"id": "138261"
},
{
"date": "2016-06-10T06:06:00",
"db": "PACKETSTORM",
"id": "137419"
},
{
"date": "2016-08-10T15:31:42",
"db": "PACKETSTORM",
"id": "138270"
},
{
"date": "2016-06-10T06:03:00",
"db": "PACKETSTORM",
"id": "137416"
},
{
"date": "2016-11-11T14:29:32",
"db": "PACKETSTORM",
"id": "139673"
},
{
"date": "2016-11-11T14:30:23",
"db": "PACKETSTORM",
"id": "139678"
},
{
"date": "2016-06-10T06:05:00",
"db": "PACKETSTORM",
"id": "137418"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-330"
},
{
"date": "2016-04-15T14:59:14.050000",
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02390"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-3961"
},
{
"date": "2016-04-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002112"
},
{
"date": "2016-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-330"
},
{
"date": "2016-11-28T20:14:24.493000",
"db": "NVD",
"id": "CVE-2016-3961"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "PACKETSTORM",
"id": "138261"
},
{
"db": "PACKETSTORM",
"id": "138270"
},
{
"db": "PACKETSTORM",
"id": "139673"
},
{
"db": "PACKETSTORM",
"id": "139678"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xen and Linux Kernel Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002112"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-330"
}
],
"trust": 0.6
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.