{"id":"CVE-2016-4558","details":"The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.","modified":"2026-03-15T22:22:12.852044Z","published":"2016-05-23T10:59:04.783Z","related":["openSUSE-SU-2024:10128-1"],"references":[{"type":"ADVISORY","url":"https://github.com/torvalds/linux/commit/92117d8443bc5afacc8d5ba82e541946310f106e"},{"type":"ADVISORY","url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92117d8443bc5afacc8d5ba82e541946310f106e"},{"type":"ADVISORY","url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/05/06/4"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3005-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3006-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3007-1"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334303"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-4558.json","unresolved_ranges":[{"events":[{"introduced":"4.4"},{"fixed":"4.4.11"}]},{"events":[{"introduced":"4.5"},{"fixed":"4.5.5"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}