Home

CVE-2016-9644

Description

The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.173

Associated Vulnerability

VulnerabilityOS Platform
Dtrace-modules-3.8.13-118.17.4.el6uek update (ELSA-2017-3534) dtrace-modules-3.8.13-118.17.4.el6uek-0.4.5-3.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.17.4.el7uek update (ELSA-2017-3534) dtrace-modules-3.8.13-118.17.4.el7uek-0.4.5-3.el7.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.18.2.el6uek update (ELSA-2017-3566) dtrace-modules-3.8.13-118.18.2.el6uek-0.4.5-3.el6.x86_64.rpmLinux
Dtrace-modules-3.8.13-118.18.2.el7uek update (ELSA-2017-3566) dtrace-modules-3.8.13-118.18.2.el7uek-0.4.5-3.el7.x86_64.rpmLinux
Dtrace-modules-provider-headers update (ELSA-2017-3609) dtrace-modules-provider-headers-0.6.1-3.el6.x86_64.rpmLinux
Dtrace-modules-shared-headers update (ELSA-2017-3609) dtrace-modules-shared-headers-0.6.1-3.el6.x86_64.rpmLinux
Dtrace-modules-provider-headers update (ELSA-2017-3609) dtrace-modules-provider-headers-0.6.1-3.el7.x86_64.rpmLinux
Dtrace-modules-shared-headers update (ELSA-2017-3609) dtrace-modules-shared-headers-0.6.1-3.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234