H3C Security Vulnerability-Linux Kernel Denial of Service-CVE-2016-9191
04-02-2021
【Summary】
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which may allow local users to cause a denial of service (system hang) by leveraging access to a container environment to execute a crafted application.
【Impact】
An unprivileged attacker could use this to cause a denial of service.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
VSR | All | Upgrade to E0519L03 |
Wireless AC/AP | All | Upgrade to CMW710-R5213 |
SR88x/CR16K | All | TBC before Oct 31, 2018 |
CR19000/CR16000-X | All | TBC before Oct 31, 2018 |
CAS | All | Upgrade to E0306H11 |
【Temporary Fix】
None
【Revision History】
2018-08-24 V1.0 INITIAL
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by principles of responsible disclosure of security incidents, and to handle product security issues in accordance with its security issue handling mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visit https://www.h3c.com/en/Support/Online_Help/psirt/.