CVE-2016-8655

HIGH

Description

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html

http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html

http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html

http://rhn.redhat.com/errata/RHSA-2017-0386.html

http://rhn.redhat.com/errata/RHSA-2017-0387.html

http://rhn.redhat.com/errata/RHSA-2017-0402.html

http://www.openwall.com/lists/oss-security/2016/12/06/1

http://www.securityfocus.com/bid/94692

http://www.securitytracker.com/id/1037403

http://www.securitytracker.com/id/1037968

http://www.ubuntu.com/usn/USN-3149-1

http://www.ubuntu.com/usn/USN-3149-2

http://www.ubuntu.com/usn/USN-3150-1

http://www.ubuntu.com/usn/USN-3150-2

http://www.ubuntu.com/usn/USN-3151-1

http://www.ubuntu.com/usn/USN-3151-2

http://www.ubuntu.com/usn/USN-3151-3

http://www.ubuntu.com/usn/USN-3151-4

http://www.ubuntu.com/usn/USN-3152-1

http://www.ubuntu.com/usn/USN-3152-2

https://bugzilla.redhat.com/show_bug.cgi?id=1400019

https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c

https://source.android.com/security/bulletin/2017-03-01.html

https://www.exploit-db.com/exploits/40871/

https://www.exploit-db.com/exploits/44696/

Details

Source: MITRE

Published: 2016-12-08

Updated: 2018-05-25

Type: CWE-362

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.8.12 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
124819 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496) | Nessus | Huawei Local Security Checks | critical
124806 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1482) | Nessus | Huawei Local Security Checks | high
121658 | Photon OS 1.0: Linux PHSA-2016-0014 | Nessus | PhotonOS Local Security Checks | high
111848 | Photon OS 1.0: Linux / Openssh PHSA-2016-0014 (deprecated) | Nessus | PhotonOS Local Security Checks | high
102511 | Oracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash) | Nessus | Oracle Linux Local Security Checks | critical
101431 | Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0386) | Nessus | Virtuozzo Local Security Checks | high
99163 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW) | Nessus | OracleVM Local Security Checks | critical
97558 | CentOS 7 : kernel (CESA-2017:0386) | Nessus | CentOS Local Security Checks | high
97516 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20170302) | Nessus | Scientific Linux Local Security Checks | high
97513 | RHEL 6 : MRG (RHSA-2017:0402) | Nessus | Red Hat Local Security Checks | high
97510 | RHEL 7 : kernel-rt (RHSA-2017:0387) | Nessus | Red Hat Local Security Checks | high
97509 | RHEL 7 : kernel (RHSA-2017:0386) | Nessus | Red Hat Local Security Checks | high
97506 | Oracle Linux 7 : kernel (ELSA-2017-0386) | Nessus | Oracle Linux Local Security Checks | high
96518 | OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0005) | Nessus | OracleVM Local Security Checks | high
96517 | OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0004) | Nessus | OracleVM Local Security Checks | high
96478 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3509) | Nessus | Oracle Linux Local Security Checks | high
96477 | Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3508) | Nessus | Oracle Linux Local Security Checks | high
96188 | Debian DLA-772-1 : linux security update | Nessus | Debian Local Security Checks | critical
96134 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3249-1) | Nessus | SuSE Local Security Checks | critical
96088 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3247-1) | Nessus | SuSE Local Security Checks | critical
95989 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3197-1) | Nessus | SuSE Local Security Checks | critical
95805 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3119-1) | Nessus | SuSE Local Security Checks | critical
95803 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3113-1) | Nessus | SuSE Local Security Checks | critical
95802 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3112-1) | Nessus | SuSE Local Security Checks | critical
95801 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3111-1) | Nessus | SuSE Local Security Checks | critical
95799 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3109-1) | Nessus | SuSE Local Security Checks | critical
95778 | Fedora 23 : kernel (2016-5aff4a6bbc) | Nessus | Fedora Local Security Checks | high
95727 | Fedora 24 : kernel (2016-5cb5b4082d) | Nessus | Fedora Local Security Checks | high
95726 | Fedora 25 : kernel (2016-107f03cc00) | Nessus | Fedora Local Security Checks | high
95723 | Slackware 14.2 / current : kernel (SSA:2016-347-01) | Nessus | Slackware Local Security Checks | high
95708 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-1436) | Nessus | SuSE Local Security Checks | critical
95705 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431) | Nessus | SuSE Local Security Checks | critical
95702 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-1428) | Nessus | SuSE Local Security Checks | critical
95701 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426) | Nessus | SuSE Local Security Checks | critical
95660 | SUSE SLES12 Security Update : kernel (SUSE-SU-2016:3063-1) | Nessus | SuSE Local Security Checks | critical
95628 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3049-1) | Nessus | SuSE Local Security Checks | critical
95609 | Amazon Linux AMI : kernel (ALAS-2016-772) | Nessus | Amazon Linux Local Security Checks | high
95606 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:3039-1) | Nessus | SuSE Local Security Checks | critical
95574 | Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3152-2) | Nessus | Ubuntu Local Security Checks | high
95573 | Ubuntu 16.10 : linux vulnerability (USN-3152-1) | Nessus | Ubuntu Local Security Checks | high
95572 | Ubuntu 16.04 LTS : linux-raspi2 vulnerability (USN-3151-4) | Nessus | Ubuntu Local Security Checks | high
95571 | Ubuntu 16.04 LTS : linux-snapdragon vulnerability (USN-3151-3) | Nessus | Ubuntu Local Security Checks | high
95570 | Ubuntu 14.04 LTS : linux-lts-xenial vulnerability (USN-3151-2) | Nessus | Ubuntu Local Security Checks | high
95569 | Ubuntu 16.04 LTS : linux vulnerability (USN-3151-1) | Nessus | Ubuntu Local Security Checks | high
95568 | Ubuntu 12.04 LTS : linux vulnerability (USN-3150-1) | Nessus | Ubuntu Local Security Checks | high
95567 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-3149-2) | Nessus | Ubuntu Local Security Checks | high
95566 | Ubuntu 14.04 LTS : linux vulnerability (USN-3149-1) | Nessus | Ubuntu Local Security Checks | high