fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.
[
{
"signature_version": "v1",
"target": {
"file": "fs/namespace.c",
"function": "umount_tree"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Function",
"id": "CVE-2016-6213-0a193d25",
"deprecated": false,
"digest": {
"function_hash": "48974322948025884410671527346426532110",
"length": 1090.0
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/namespace.c",
"function": "create_mnt_ns"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Function",
"id": "CVE-2016-6213-201686dc",
"deprecated": false,
"digest": {
"function_hash": "112098087970143493952151415721864003313",
"length": 288.0
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/mount.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Line",
"id": "CVE-2016-6213-2d33118c",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"283877757348256501861617877780473264601",
"211207910224455600950734774880704567345",
"213826983288497304936043419585932654516",
"69519866164634297629989320573277228893"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/namespace.c",
"function": "attach_recursive_mnt"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Function",
"id": "CVE-2016-6213-522d63fc",
"deprecated": false,
"digest": {
"function_hash": "117417661218945425823509562703351430588",
"length": 1100.0
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/pnode.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Line",
"id": "CVE-2016-6213-54338d37",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"82880633212614623274528116873157706357",
"22420417550277785685959111170919966544",
"991282485052160349277743589079702778",
"20157162364387533529770284280725714882"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "kernel/sysctl.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Line",
"id": "CVE-2016-6213-59e6135b",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"40787931177506522040718494784128724031",
"160895984160860149062707021438096825618",
"221920485360236490955803123340700384173",
"301468491960768459363094458455371122266",
"186938927205190986889744605964351411166",
"10793930390380571937379846818339537798",
"56765540983682963440663284605035706805",
"63598946016393672720631452802178432673"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/namespace.c",
"function": "copy_mnt_ns"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Function",
"id": "CVE-2016-6213-693d8ad2",
"deprecated": false,
"digest": {
"function_hash": "69774994944038580265038027374528082674",
"length": 1322.0
}
},
{
"signature_version": "v1",
"target": {
"file": "include/linux/mount.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Line",
"id": "CVE-2016-6213-69bbb3ce",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"192625227643513471338988658610626348448"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/pnode.h"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Line",
"id": "CVE-2016-6213-88ef3895",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"223567017424473738089805573065073136966",
"4408732730562548095314807543314518691"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/pnode.c",
"function": "propagate_one"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Function",
"id": "CVE-2016-6213-9e15ae53",
"deprecated": false,
"digest": {
"function_hash": "165914881865293695023476426374343108438",
"length": 1194.0
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/namespace.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Line",
"id": "CVE-2016-6213-a8e270ec",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"275453129555094832125843717908735117296",
"127695287949583500167063258545318651450",
"117877697411784959246346295605656620944",
"205004130989303399066509326106467084792",
"308639609241868125086825754237861858374",
"184164616596354869044459964705737336896",
"19676239555831356697545955422167672201",
"101862367621824932909587056816033028623",
"84559196435248390345247846570416930339",
"110672094078243952940764072463572527818",
"285268753190107707041817355007875893125",
"201340391112045137807134389074150988527",
"73542373834017469279854910191453097509",
"255170117916037797856338246778320649859",
"323936774444709505385082593270157708584",
"198010118263831630775228987080175661499",
"289109071388975810541750296594581584628",
"295045887030983886320676845382999115492",
"57617081880845728555902688768162086436",
"39525800163726238444499126821658211350",
"292590138550980030647927190680390754644",
"279298184817706623690873783701778973496",
"46371579365414803664158242077849227333",
"232999378931754921301564283729070345724",
"99932315268537425492902385926210290121",
"55042473979162790913670139901638557145",
"92504430817333740759454416591137486170",
"32147201857264898554204832228823521754",
"231297463316610734747395990349358147679",
"1544770855831856677503085247135296781",
"9233193729024233764628935934517814909",
"217699683427605886617521088311683162636",
"42842454244106384193177956495760853129",
"139533997706651338150277841076872561162",
"138653960975916659286853686866664070580",
"142363840835534365522343612220655441148",
"121342116810003742437606551191184503403",
"256407745003371923549505280207389492115",
"123720570005497891400849323797969196767",
"265964555788875560958028043398156835334",
"86923641013386714917418467079347187411",
"233574423865539504431869154240332456482",
"223713092936420452142230574135317847433",
"5511697152188452843771551269693202123",
"315012522082879124458914131967571270008",
"238887641526321958400465994158435647237"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/namespace.c",
"function": "alloc_mnt_ns"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Function",
"id": "CVE-2016-6213-ab16f86c",
"deprecated": false,
"digest": {
"function_hash": "140738391527771132489614854811228042022",
"length": 670.0
}
},
{
"signature_version": "v1",
"target": {
"file": "fs/namespace.c",
"function": "commit_tree"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@d29216842a85c7970c536108e093963f02714498",
"signature_type": "Function",
"id": "CVE-2016-6213-ff3a1f0c",
"deprecated": false,
"digest": {
"function_hash": "25791769572444441378008175375400026323",
"length": 398.0
}
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6213.json"