CVE-2016-2847

MEDIUM

Linux Kernel < 4.4.8 - Resource Management Error

Title source: rule

Description

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

References (28)

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2947-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2947-2

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2947-3

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2948-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2948-2

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2949-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2967-1

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2967-2

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

[Patch, Vendor Advisory] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=759c01142a5d0f364a462346168a56de28a80f52

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2574.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2016-2584.html

... and 8 more

Scores

CVSS v3 6.2

EPSS 0.0007

EPSS Percentile 22.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-399

Status draft

Affected Products (17)

linux/linux_kernel < 4.4.8

novell/suse_linux_enterprise_software_development_kit

novell/suse_linux_enterprise_debuginfo

novell/suse_linux_enterprise_desktop

novell/suse_linux_enterprise_live_patching

novell/suse_linux_enterprise_module_for_public_cloud

novell/suse_linux_enterprise_real_time_extension

novell/suse_linux_enterprise_server

... and 2 more

Timeline

Published Apr 27, 2016

Tracked Since Feb 18, 2026