DNA View

High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2016-4805

High

Low Medium High Critical

7.8

CVSS Score

Published: May 23, 2016

Last Modified: Apr 12, 2025

CWE: CWE-416

Vulnerability Description

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

15 configuration(s) from 4 vendor(s)

ubuntu_linux

Version:

12.04

CPE:

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

suse_linux_enterprise_real_time_extension

Version:

11.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:11.0:sp4:*:*:*:*:*:*

suse_linux_enterprise_real_time_extension

Version:

12.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*

suse_linux_enterprise_live_patching

Version:

12.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*

suse_linux_enterprise_server

Version:

11.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp4:*:*:*:*:*:*

suse_linux_enterprise_module_for_public_cloud

Version:

12.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*

opensuse_leap

Version:

42.1

CPE:

cpe:2.3:o:novell:opensuse_leap:42.1:*:*:*:*:*:*:*

suse_linux_enterprise_software_development_kit

Version:

11.0

CPE:

cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp4:*:*:*:*:*:*

suse_linux_enterprise_server

Version:

12.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:-:*:*:*:*:*:*

suse_linux_enterprise_workstation_extension

Version:

12.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:sp1:*:*:*:*:*:*

suse_linux_enterprise_desktop

Version:

12.0

CPE:

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:-:*:*:*:*:*:*

suse_linux_enterprise_software_development_kit

Version:

12.0

CPE:

cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:-:*:*:*:*:*:*

linux

Version:

CPE:

cpe:2.3:o:oracle:linux:6:10:*:*:*:*:*:*

enterprise_linux

Version:

7.0

CPE:

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:intel64:*

enterprise_linux

Version:

6.0

CPE:

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:intel64:*

This vulnerability affects 15 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

7.8

out of 10.0

High

Weakness Type (CWE)

CWE-416 Top 25 #12

Use After Free

Description: The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations…
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Variant