CVE-2016-2143

NameCVE-2016-2143
DescriptionThe fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-516-1, DSA-3607-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.210-1fixed
stretch (security)4.9.210-1+deb9u1fixed
buster4.19.118-2fixed
buster (security)4.19.118-2+deb10u1fixed
bullseye, sid5.7.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)4.4.6-1
linuxsourcejessie3.16.7-ckt25-2+deb8u2DSA-3607-1
linuxsourcewheezy3.2.81-1DLA-516-1

Notes

[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)

Search for package or bug name: Reporting problems