BUG ID: 1353490 (CVE-2016-6156) Vulnerability Type: Race condition vulnerability in Chrome driver Reported Date: 2016-07-07 09:26 UTC Modified Date: 2021-10-21 00:53 UTC Status: CLOSED ERRATA Product: Security Response Component: vulnerability Keywords: Security Priority: medium Severity: medium OS: Linux Description: Double-fetch vulnerability found in /drivers/platform/chrome/cros_ec_dev.c in the Chrome driver in the Linux kernel before 4.6.1. The vulnerability occurs in ec_device_ioctl_xcmd() function where the driver fetches user space data twice via copy_from_user() at two different lines. Links: - Upstream bug: https://bugzilla.kernel.org/show_bug.cgi?id=120131 - Upstream patch: https://github.com/torvalds/linux/commit/096cdc6f52225835ff503f987a0d68ef770bb78e - Bugtraq post: http://seclists.org/bugtraq/2016/Jul/20 Affected: Fedora-all, but not Red Hat Enterprise Linux products. Updates: - kernel-4.6.4-201.fc23 for Fedora 23 stable repository - kernel-4.6.4-301.fc24 for Fedora 24 stable repository