CVE-2016-4913

7.8 HIGH

Published: May 23, 2016 Modified: May 06, 2026

Description

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6

Source: security@debian.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Source: security@debian.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

Source: security@debian.org

Mailing List Third Party Advisory

http://www.debian.org/security/2016/dsa-3607

Source: security@debian.org

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5

Source: security@debian.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/05/18/3

Source: security@debian.org

Mailing List Patch Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/05/18/5

Source: security@debian.org

Mailing List Patch Third Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Source: security@debian.org

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

Source: security@debian.org

Third Party Advisory

http://www.securityfocus.com/bid/90730

Source: security@debian.org

Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-3016-1

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3016-2

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3016-3

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3016-4

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3017-1

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3017-2

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3017-3

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3018-1

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3018-2

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3019-1

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3020-1

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3021-1

Source: security@debian.org

Third Party Advisory

http://www.ubuntu.com/usn/USN-3021-2

Source: security@debian.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3083

Source: security@debian.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3096

Source: security@debian.org

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1337528

Source: security@debian.org

Issue Tracking Third Party Advisory VDB Entry

https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6

Source: security@debian.org

Vendor Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6