CVE-2016-8399

HIGH

Description

An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.

References

http://rhn.redhat.com/errata/RHSA-2017-0817.html

http://www.securityfocus.com/bid/94708

https://access.redhat.com/errata/RHSA-2017:0869

https://access.redhat.com/errata/RHSA-2017:2930

https://access.redhat.com/errata/RHSA-2017:2931

https://source.android.com/security/bulletin/2016-12-01.html

Details

Source: MITRE

Published: 2017-01-12

Updated: 2018-01-05

Type: CWE-284

Risk Information

CVSS v2.0

Base Score: 7.6

Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

CVSS v3.0

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1

Severity: HIGH

Tenable Plugins

View all (40 total)

ID	Name	Product	Family	Severity
104132	Virtuozzo 7 : readykernel-patch (VZA-2017-098)	Nessus	Virtuozzo Local Security Checks	high
104131	Virtuozzo 7 : readykernel-patch (VZA-2017-097)	Nessus	Virtuozzo Local Security Checks	high
104107	F5 Networks BIG-IP : Linux kernel vulnerability (K23030550)	Nessus	F5 Networks Local Security Checks	high
104106	CentOS 7 : kernel (CESA-2017:2930)	Nessus	CentOS Local Security Checks	high
104088	Oracle Linux 7 : kernel (ELSA-2017-2930-1) (BlueBorne)	Nessus	Oracle Linux Local Security Checks	critical
104008	Scientific Linux Security Update : kernel on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
104004	RHEL 7 : kernel-rt (RHSA-2017:2931)	Nessus	Red Hat Local Security Checks	high
104003	RHEL 7 : kernel (RHSA-2017:2930)	Nessus	Red Hat Local Security Checks	high
104001	Oracle Linux 7 : kernel (ELSA-2017-2930)	Nessus	Oracle Linux Local Security Checks	high
102774	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)	Nessus	OracleVM Local Security Checks	critical
102773	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
100238	OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0106)	Nessus	OracleVM Local Security Checks	critical
100237	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0105)	Nessus	OracleVM Local Security Checks	critical
100235	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3567)	Nessus	Oracle Linux Local Security Checks	critical
100234	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3566)	Nessus	Oracle Linux Local Security Checks	critical
99337	RHEL 6 : kernel (RHSA-2017:0869)	Nessus	Red Hat Local Security Checks	high
99218	Scientific Linux Security Update : kernel on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
99164	OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0058)	Nessus	OracleVM Local Security Checks	high
99163	OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)	Nessus	OracleVM Local Security Checks	critical
99162	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0056)	Nessus	OracleVM Local Security Checks	high
99161	Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3535)	Nessus	Oracle Linux Local Security Checks	high
99160	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)	Nessus	Oracle Linux Local Security Checks	high
99159	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3533)	Nessus	Oracle Linux Local Security Checks	high
99106	Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-025)	Nessus	Virtuozzo Local Security Checks	critical
99074	Oracle Linux 6 : kernel (ELSA-2017-0817)	Nessus	Oracle Linux Local Security Checks	high
97962	CentOS 6 : kernel (CESA-2017:0817)	Nessus	CentOS Local Security Checks	high
97886	RHEL 6 : kernel (RHSA-2017:0817)	Nessus	Red Hat Local Security Checks	high
97297	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)	Nessus	SuSE Local Security Checks	critical
97205	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)	Nessus	SuSE Local Security Checks	high
97189	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)	Nessus	SuSE Local Security Checks	high
97098	Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3190-2)	Nessus	Ubuntu Local Security Checks	critical
97097	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)	Nessus	SuSE Local Security Checks	critical
97018	Ubuntu 16.10 : linux vulnerabilities (USN-3190-1)	Nessus	Ubuntu Local Security Checks	critical
97017	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3189-2)	Nessus	Ubuntu Local Security Checks	high
97016	Ubuntu 16.04 LTS : linux, linux-raspi2, linux-snapdragon vulnerabilities (USN-3189-1)	Nessus	Ubuntu Local Security Checks	high
96903	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)	Nessus	SuSE Local Security Checks	critical
96284	Amazon Linux AMI : kernel (ALAS-2017-782)	Nessus	Amazon Linux Local Security Checks	high
96188	Debian DLA-772-1 : linux security update	Nessus	Debian Local Security Checks	critical
96027	Fedora 24 : kernel (2016-e5b72816d0)	Nessus	Fedora Local Security Checks	high
96019	Fedora 25 : kernel (2016-02db2f32fd)	Nessus	Fedora Local Security Checks	high