CVE-2016-10906

low-risk
Published 2019-08-19

An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (1)

Affected Vendors

Linux

References (12)

http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackwar...
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c2...
https://seclists.org/bugtraq/2019/Nov/11
https://support.f5.com/csp/article/K01993501?utm_source=f5support&amp%3Butm_medi...
https://usn.ubuntu.com/4163-1/
https://usn.ubuntu.com/4163-2/
http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackwar...
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c2...
https://seclists.org/bugtraq/2019/Nov/11
https://support.f5.com/csp/article/K01993501?utm_source=f5support&amp%3Butm_medi...
https://usn.ubuntu.com/4163-1/
https://usn.ubuntu.com/4163-2/
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal