search

witchcraze / NVD_CHECK

1 stars 0 forks source link

CHK NVD : CVE-2016-7910 - aadaabc6 #5174

Closed witchcraze closed 1 week ago

witchcraze commented 1 week ago

[CVE Configuration Update Request] Update Suggestion - CVE-2016-7910 - Cvss2 : 9.3 [CVE Configuration Update Request] Update Suggestion - CVE-2016-7910 - Cvss3 : 7.8

https://www.linuxkernelcves.com/cves/CVE-2016-7910 https://gitlab.com/cip-project/cip-kernel/cip-kernel-sec/-/blob/master/issues/CVE-2016-7910.yml https://github.com/witchcraze/NVD_CHECK/blob/main/kernel/CVE-2016-7910.json

- CVE-2016-7910
- Suggested Configuration
  - OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.10.0 up to (excluding) 3.10.103
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.12.0 up to (excluding) 3.12.63
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.14.0 up to (excluding) 3.14.76
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.16.0 up to (excluding) 3.16.39
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.18.0 up to (excluding) 3.18.40
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.2.0 up to (excluding) 3.2.84
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.1.0 up to (excluding) 4.1.31
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.4.0 up to (excluding) 4.4.18
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.6.0 up to (excluding) 4.6.7
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.7.0 up to (excluding) 4.7.1
- Reference
  - https://github.com/torvalds/linux/commit/77da160530dd1dc94f6ae15a981f24e5f0021e84
  - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.10.103
  - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.12.63
  - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.14.76
  - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.16.39
  - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.18.40
  - https://www.kernel.org/pub//linux/kernel/v3.x/ChangeLog-3.2.84
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.1.31
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.4.18
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.6.7
  - https://www.kernel.org/pub//linux/kernel/v4.x/ChangeLog-4.7.1
- Reference (Commit)
  - block: fix use-after-free in seq file
    - Fixed by
      - - (77da160530dd1dc94f6ae15a981f24e5f0021e84) (upstream)
      - 3.10.103 (23cf0b7eeda4777d0bac40f05b3ce3c62e34c957)
      - 3.12.63 (8b85bc8b9e08482c7450b83e0a85532d8d87da49)
      - 3.14.76 (8cb3a41575d84a56f9dd7686286aafd84e5313c3)
      - 3.16.39 (2dabc3a663edfc35c2ab48f4d6b51114757b858c)
      - 3.18.40 (8bc7adafc3a58801319873cbfa38f4fc8e0047b4)
      - 3.2.84 (48e28a20b22794a94a65305299f83d183d274a39)
      - 4.1.31 (d9ee963b61b93366103b88f10495b4680b256273)
      - 4.4.18 (9a95c0cfc6f21b9ac66269d4782ea5a0f58cdf91)
      - 4.6.7 (199e5c223f1c0bf4b1c79b37a1a664a5d657ad5c)
      - 4.7.1 (aa56f0bd5d67d2eb0e59d6bc20578f83858ff43f)
    - Will be introduced by
- I Checked
  - XXXXXXXXXXXXXXXXXXXXXXXXXXXX is written as upstream commit in each ChangeLog
  - From XXXXXXXX commit page, XXXXXXXXXXX is the most oldest in commit-branches area
  - For 3.16.35, there is related post at lkml
  - For 3.16 series, 3.16.35 is the next release from 3.16.7 which was released at 2014
  - https://mirrors.edge.kernel.org/pub/linux/kernel/v3.x/
  - XXXX
https://nvd.nist.gov/vuln/detail/CVE-2016-7910 URI Start(Ex) Start(Inc) End(Ex) End(Inc)
cpe:/o:linux:linux_kernel 3.2.84
cpe:/o:linux:linux_kernel 3.11 3.12.63
cpe:/o:linux:linux_kernel 3.13 3.14.76
cpe:/o:linux:linux_kernel 3.15 3.16.39
cpe:/o:linux:linux_kernel 3.17 3.18.40
cpe:/o:linux:linux_kernel 3.19 4.1.31
cpe:/o:linux:linux_kernel 3.3 3.10.103
cpe:/o:linux:linux_kernel 4.2 4.4.18
cpe:/o:linux:linux_kernel 4.5 4.6.7
cpe:/o:linux:linux_kernel 4.7 4.7.1
witchcraze commented 1 week ago

ok