CVE-2016-3134

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

http://rhn.redhat.com/errata/RHSA-2016-1847.html

http://rhn.redhat.com/errata/RHSA-2016-1875.html

http://rhn.redhat.com/errata/RHSA-2016-1883.html

http://www.debian.org/security/2016/dsa-3607

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html

http://www.securityfocus.com/bid/84305

http://www.securitytracker.com/id/1036763

http://www.ubuntu.com/usn/USN-2929-1

http://www.ubuntu.com/usn/USN-2929-2

http://www.ubuntu.com/usn/USN-2930-1

http://www.ubuntu.com/usn/USN-2930-2

http://www.ubuntu.com/usn/USN-2930-3

http://www.ubuntu.com/usn/USN-2931-1

http://www.ubuntu.com/usn/USN-2932-1

http://www.ubuntu.com/usn/USN-3049-1

http://www.ubuntu.com/usn/USN-3050-1

https://bugzilla.redhat.com/show_bug.cgi?id=1317383

https://code.google.com/p/google-security-research/issues/detail?id=758

https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309

Details

Source: MITRE

Published: 2016-04-27

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 8.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.5

Severity: HIGH

Tenable Plugins

View all (46 total)

IDNameProductFamilySeverity
124816EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1492)NessusHuawei Local Security Checks
critical
124796EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)NessusHuawei Local Security Checks
high
99811EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1048)NessusHuawei Local Security Checks
high
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
94929OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0158) (Dirty COW)NessusOracleVM Local Security Checks
high
93908OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0139)NessusOracleVM Local Security Checks
high
93907OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0138)NessusOracleVM Local Security Checks
high
93906Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3625)NessusOracle Linux Local Security Checks
high
93905Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3624)NessusOracle Linux Local Security Checks
high
93904Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3623)NessusOracle Linux Local Security Checks
high
93594CentOS 7 : kernel (CESA-2016:1847)NessusCentOS Local Security Checks
high
93557Scientific Linux Security Update : kernel on SL7.x x86_64 (20160915)NessusScientific Linux Local Security Checks
high
93556RHEL 7 : kernel-rt (RHSA-2016:1875)NessusRed Hat Local Security Checks
high
93555RHEL 7 : kernel (RHSA-2016:1847)NessusRed Hat Local Security Checks
high
93504RHEL 6 : MRG (RHSA-2016:1883)NessusRed Hat Local Security Checks
high
93501Oracle Linux 7 : kernel (ELSA-2016-1847)NessusOracle Linux Local Security Checks
high
93445openSUSE Security Update : the Linux Kernel (openSUSE-2016-1076)NessusSuSE Local Security Checks
critical
93370SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1)NessusSuSE Local Security Checks
critical
93289SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2074-1)NessusSuSE Local Security Checks
critical
93283SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2014-1)NessusSuSE Local Security Checks
high
93280SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2010-1)NessusSuSE Local Security Checks
high
93278SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2006-1)NessusSuSE Local Security Checks
high
93277SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2005-1)NessusSuSE Local Security Checks
high
93276SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2002-1)NessusSuSE Local Security Checks
high
93275SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2001-1)NessusSuSE Local Security Checks
high
93270SUSE SLES12 Security Update : kernel (SUSE-SU-2016:1995-1)NessusSuSE Local Security Checks
high
93168SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1696-1)NessusSuSE Local Security Checks
high
93165SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1690-1)NessusSuSE Local Security Checks
high
93164SUSE SLES11 Security Update : kernel (SUSE-SU-2016:1672-1)NessusSuSE Local Security Checks
high
93104openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)NessusSuSE Local Security Checks
critical
92860Ubuntu 12.04 LTS : linux vulnerabilities (USN-3049-1)NessusUbuntu Local Security Checks
high
92007openSUSE Security Update : the Linux Kernel (openSUSE-2016-862)NessusSuSE Local Security Checks
high
91886Debian DSA-3607-1 : linux - security updateNessusDebian Local Security Checks
critical
91736openSUSE Security Update : the Linux Kernel (openSUSE-2016-753)NessusSuSE Local Security Checks
critical
91687Debian DLA-516-1 : linux security updateNessusDebian Local Security Checks
critical
90778Amazon Linux AMI : kernel (ALAS-2016-694)NessusAmazon Linux Local Security Checks
critical
90330Fedora 24 : kernel-4.5.0-302.fc24 (2016-81fd1b03aa)NessusFedora Local Security Checks
high
90131Fedora 22 : kernel-4.4.6-200.fc22 (2016-3a57b19360)NessusFedora Local Security Checks
high
90128Fedora 23 : kernel-4.4.6-300.fc23 (2016-02ed08bf15)NessusFedora Local Security Checks
high
89995Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-2930-3)NessusUbuntu Local Security Checks
high
89937Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2932-1)NessusUbuntu Local Security Checks
high
89936Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2931-1)NessusUbuntu Local Security Checks
high
89935Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-2930-2)NessusUbuntu Local Security Checks
high
89934Ubuntu 15.10 : linux vulnerabilities (USN-2930-1)NessusUbuntu Local Security Checks
high
89933Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2929-2)NessusUbuntu Local Security Checks
high
89932Ubuntu 14.04 LTS : linux vulnerabilities (USN-2929-1)NessusUbuntu Local Security Checks
high