retired/CVE-2016-7916


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Description:
 Race condition in the environ_read function in fs/proc/base.c in the Linux kernel
 before 4.5.4 allows local users to obtain sensitive information from kernel memory
 by reading a /proc/*/environ file during a process-setup time interval in which
 environment-variable copying is incomplete. 
References:
 http://source.android.com/security/bulletin/2016-11-01.html
 https://bugzilla.kernel.org/show_bug.cgi?id=116461
 https://forums.grsecurity.net/viewtopic.php?f=3&t=4363 
Notes:
Bugs:
upstream: released (4.6-rc7) [8148a73c9901a8794a50f950083c00ccf97d43b3]
3.16-upstream-stable: released (3.16.36)
3.2-upstream-stable: released (3.2.81)
sid: released (4.5.4-1)
3.16-jessie-security: released (3.16.36-1)
3.2-wheezy-security: released (3.2.81-1)