The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://rhn.redhat.com/errata/RHSA-2016-1847.html
http://rhn.redhat.com/errata/RHSA-2016-1875.html
http://rhn.redhat.com/errata/RHSA-2016-1883.html
http://rhn.redhat.com/errata/RHSA-2017-0036.html
http://www.debian.org/security/2016/dsa-3607
http://www.openwall.com/lists/oss-security/2016/06/24/5
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.securityfocus.com/bid/91451
http://www.securitytracker.com/id/1036171
http://www.ubuntu.com/usn/USN-3016-1
http://www.ubuntu.com/usn/USN-3016-2
http://www.ubuntu.com/usn/USN-3016-3
http://www.ubuntu.com/usn/USN-3016-4
http://www.ubuntu.com/usn/USN-3017-1
http://www.ubuntu.com/usn/USN-3017-2
http://www.ubuntu.com/usn/USN-3017-3
http://www.ubuntu.com/usn/USN-3018-1
http://www.ubuntu.com/usn/USN-3018-2
http://www.ubuntu.com/usn/USN-3019-1
http://www.ubuntu.com/usn/USN-3020-1
https://bugzilla.redhat.com/show_bug.cgi?id=1349886
https://github.com/torvalds/linux/commit/6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
Source: MITRE
Published: 2016-07-03
Updated: 2019-12-27
Type: CWE-119
CVSS v2.0
Base Score: 5.6
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:C
Impact Score: 7.8
Exploitability Score: 3.9
Severity: MEDIUM
CVSS v3.0
Base Score: 7.1
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Impact Score: 5.2
Exploitability Score: 1.8
Severity: HIGH
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.5.5 (inclusive)
OR
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
125100 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494) | Nessus | Huawei Local Security Checks | high |
124972 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1519) | Nessus | Huawei Local Security Checks | high |
101405 | Virtuozzo 6 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0036) | Nessus | Virtuozzo Local Security Checks | critical |
99927 | openSUSE Security Update : the Linux Kernel (openSUSE-2017-532) | Nessus | SuSE Local Security Checks | high |
99811 | EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1048) | Nessus | Huawei Local Security Checks | high |
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical |
97205 | SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1) | Nessus | SuSE Local Security Checks | high |
96903 | SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1) | Nessus | SuSE Local Security Checks | critical |
96481 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170110) | Nessus | Scientific Linux Local Security Checks | critical |
96456 | CentOS 6 : kernel (CESA-2017:0036) | Nessus | CentOS Local Security Checks | critical |
96403 | RHEL 6 : kernel (RHSA-2017:0036) | Nessus | Red Hat Local Security Checks | critical |
96401 | Oracle Linux 6 : kernel (ELSA-2017-0036) | Nessus | Oracle Linux Local Security Checks | critical |
95536 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2976-1) | Nessus | SuSE Local Security Checks | critical |
94929 | OracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0158) (Dirty COW) | Nessus | OracleVM Local Security Checks | high |
93709 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0134) | Nessus | OracleVM Local Security Checks | high |
93680 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0133) | Nessus | OracleVM Local Security Checks | high |
93678 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3619) | Nessus | Oracle Linux Local Security Checks | high |
93677 | Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3618) | Nessus | Oracle Linux Local Security Checks | high |
93676 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3617) | Nessus | Oracle Linux Local Security Checks | high |
93594 | CentOS 7 : kernel (CESA-2016:1847) | Nessus | CentOS Local Security Checks | high |
93557 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20160915) | Nessus | Scientific Linux Local Security Checks | high |
93556 | RHEL 7 : kernel-rt (RHSA-2016:1875) | Nessus | Red Hat Local Security Checks | high |
93555 | RHEL 7 : kernel (RHSA-2016:1847) | Nessus | Red Hat Local Security Checks | high |
93504 | RHEL 6 : MRG (RHSA-2016:1883) | Nessus | Red Hat Local Security Checks | high |
93501 | Oracle Linux 7 : kernel (ELSA-2016-1847) | Nessus | Oracle Linux Local Security Checks | high |
93445 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-1076) | Nessus | SuSE Local Security Checks | critical |
93370 | SUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1) | Nessus | SuSE Local Security Checks | critical |
93299 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2105-1) | Nessus | SuSE Local Security Checks | high |
93216 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-1029) | Nessus | SuSE Local Security Checks | high |
93172 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1710-1) | Nessus | SuSE Local Security Checks | high |
93171 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1709-1) | Nessus | SuSE Local Security Checks | high |
92442 | Fedora 22 : kernel (2016-63ee0999e4) | Nessus | Fedora Local Security Checks | high |
92256 | Fedora 23 : kernel (2016-73a733f4d9) | Nessus | Fedora Local Security Checks | high |
92232 | Fedora 24 : kernel (2016-1c409313f4) | Nessus | Fedora Local Security Checks | high |
91886 | Debian DSA-3607-1 : linux - security update | Nessus | Debian Local Security Checks | critical |
91883 | Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3020-1) | Nessus | Ubuntu Local Security Checks | high |
91882 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3019-1) | Nessus | Ubuntu Local Security Checks | high |
91881 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3018-2) | Nessus | Ubuntu Local Security Checks | high |
91880 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-3018-1) | Nessus | Ubuntu Local Security Checks | high |
91879 | Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3017-3) | Nessus | Ubuntu Local Security Checks | high |
91878 | Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3017-2) | Nessus | Ubuntu Local Security Checks | high |
91877 | Ubuntu 15.10 : linux vulnerabilities (USN-3017-1) | Nessus | Ubuntu Local Security Checks | high |
91876 | Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3016-4) | Nessus | Ubuntu Local Security Checks | high |
91875 | Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3016-3) | Nessus | Ubuntu Local Security Checks | high |
91874 | Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3016-2) | Nessus | Ubuntu Local Security Checks | high |
91873 | Ubuntu 16.04 LTS : linux vulnerabilities (USN-3016-1) | Nessus | Ubuntu Local Security Checks | high |
91858 | Amazon Linux AMI : kernel (ALAS-2016-718) | Nessus | Amazon Linux Local Security Checks | high |