CVE-2016-2085

Published: Apr 27, 2016

Modified: Aug 5, 2024

PUBLISHED

Description

The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-2949-1

vendor-advisory

x_refsource_UBUNTU

https://bugzilla.redhat.com/show_bug.cgi?id=1324867

x_refsource_CONFIRM

https://security-tracker.debian.org/tracker/CVE-2016-2085

x_refsource_CONFIRM

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=613317bd212c585c20796c10afe5daaa95d4b0a1

x_refsource_CONFIRM

USN-2947-3

vendor-advisory

x_refsource_UBUNTU

USN-2947-2

vendor-advisory

x_refsource_UBUNTU

https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2085.html

x_refsource_CONFIRM

USN-2947-1

vendor-advisory

x_refsource_UBUNTU

USN-2946-2

vendor-advisory

x_refsource_UBUNTU

https://github.com/torvalds/linux/commit/613317bd212c585c20796c10afe5daaa95d4b0a1

x_refsource_CONFIRM

USN-2948-1

vendor-advisory

x_refsource_UBUNTU

USN-2946-1

vendor-advisory

x_refsource_UBUNTU

USN-2948-2

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-2085

Description

Affected Products

References