Vulnerability Report

CVE-2016-1583

Title: Novell Suse Linux Enterprise Software Development Kit Auth Bypass

Auth Bypass

Proof Of Concept

PoC Available for CVE-2016-1583

CWE Category CWE-119

Published Date Jun 27, 2016

Modified Date May 06, 2026

Exploit Status Available

Score 7.8 CVSS v3.1

Exploit Probability (EPSS)

0.42%

Vulnerability Summary

CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Impacted Vendors

novell 1

suse 1

Reference Links

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html http://rhn.redhat.com/errata/RHSA-2016-2124.html http://rhn.redhat.com/errata/RHSA-2016-2766.html http://www.debian.org/security/2016/dsa-3607 http://www.openwall.com/lists/oss-security/2016/06/10/8 http://www.openwall.com/lists/oss-security/2016/06/22/1 http://www.securityfocus.com/bid/91157 http://www.securitytracker.com/id/1036763 http://www.ubuntu.com/usn/USN-2996-1 http://www.ubuntu.com/usn/USN-2997-1 http://www.ubuntu.com/usn/USN-2998-1 http://www.ubuntu.com/usn/USN-2999-1 http://www.ubuntu.com/usn/USN-3000-1 http://www.ubuntu.com/usn/USN-3001-1 http://www.ubuntu.com/usn/USN-3002-1 http://www.ubuntu.com/usn/USN-3003-1 http://www.ubuntu.com/usn/USN-3004-1 http://www.ubuntu.com/usn/USN-3005-1 http://www.ubuntu.com/usn/USN-3006-1 http://www.ubuntu.com/usn/USN-3007-1 http://www.ubuntu.com/usn/USN-3008-1 https://access.redhat.com/errata/RHSA-2017:2760 https://bugs.chromium.org/p/project-zero/issues/detail?id=836 https://bugzilla.redhat.com/show_bug.cgi?id=1344721 https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87 https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d https://www.exploit-db.com/exploits/39992/ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html http://packetstormsecurity.com/files/137560/Linux-ecryptfs-Stack-Overflow.html http://rhn.redhat.com/errata/RHSA-2016-2124.html http://rhn.redhat.com/errata/RHSA-2016-2766.html http://www.debian.org/security/2016/dsa-3607 http://www.openwall.com/lists/oss-security/2016/06/10/8 http://www.openwall.com/lists/oss-security/2016/06/22/1 http://www.securityfocus.com/bid/91157 http://www.securitytracker.com/id/1036763 http://www.ubuntu.com/usn/USN-2996-1 http://www.ubuntu.com/usn/USN-2997-1 http://www.ubuntu.com/usn/USN-2998-1 http://www.ubuntu.com/usn/USN-2999-1 http://www.ubuntu.com/usn/USN-3000-1 http://www.ubuntu.com/usn/USN-3001-1 http://www.ubuntu.com/usn/USN-3002-1 http://www.ubuntu.com/usn/USN-3003-1 http://www.ubuntu.com/usn/USN-3004-1 http://www.ubuntu.com/usn/USN-3005-1 http://www.ubuntu.com/usn/USN-3006-1 http://www.ubuntu.com/usn/USN-3007-1 http://www.ubuntu.com/usn/USN-3008-1 https://access.redhat.com/errata/RHSA-2017:2760 https://bugs.chromium.org/p/project-zero/issues/detail?id=836 https://bugzilla.redhat.com/show_bug.cgi?id=1344721 https://github.com/torvalds/linux/commit/2f36db71009304b3f0b95afacd8eba1f9f046b87 https://github.com/torvalds/linux/commit/f0fe970df3838c202ef6c07a4c2b36838ef0a88b https://github.com/torvalds/linux/commit/f5364c150aa645b3d7daa21b5c0b9feaa1c9cd6d https://www.exploit-db.com/exploits/39992/ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3

CVSS v3.1

Source Entity [email protected]

Severity HIGH

7.8

Attack Vector

LOCAL

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

Source Entity [email protected]

Severity HIGH

7.2

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:L/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2016-1583 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/39992

View Code

May 06, 2026 MODIFIED

Vulnerability data updated via NVD.

April 12, 2025 MODIFIED

Vulnerability data or affected products updated.

June 27, 2016 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.