Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2016-4913 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2016-4913

CVE-2016-4913

HIGH7.8

The get_rock_ridge_filename function in fs/isofs/rock

Published May 23, 2016

Modified 1 years ago

Details

The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.

References(28)

WEBhttp://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6 ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html ADVISORYhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html ADVISORYhttp://www.debian.org/security/2016/dsa-3607 WEBhttp://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 WEBhttp://www.openwall.com/lists/oss-security/2016/05/18/3 WEBhttp://www.openwall.com/lists/oss-security/2016/05/18/5 WEBhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html WEBhttp://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html WEBhttp://www.securityfocus.com/bid/90730 ADVISORYhttp://www.ubuntu.com/usn/USN-3016-1 ADVISORYhttp://www.ubuntu.com/usn/USN-3016-2 ADVISORYhttp://www.ubuntu.com/usn/USN-3016-3 ADVISORYhttp://www.ubuntu.com/usn/USN-3016-4 ADVISORYhttp://www.ubuntu.com/usn/USN-3017-1 ADVISORYhttp://www.ubuntu.com/usn/USN-3017-2 ADVISORYhttp://www.ubuntu.com/usn/USN-3017-3 ADVISORYhttp://www.ubuntu.com/usn/USN-3018-1 ADVISORYhttp://www.ubuntu.com/usn/USN-3018-2 ADVISORYhttp://www.ubuntu.com/usn/USN-3019-1 ADVISORYhttp://www.ubuntu.com/usn/USN-3020-1 ADVISORYhttp://www.ubuntu.com/usn/USN-3021-1 ADVISORYhttp://www.ubuntu.com/usn/USN-3021-2 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3083 ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3096

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedMay 23, 2016

ModifiedAug 6, 2024