CVE-2016-9793

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14

http://www.openwall.com/lists/oss-security/2016/12/03/1

http://www.securityfocus.com/bid/94655

http://www.securitytracker.com/id/1037968

https://access.redhat.com/errata/RHSA-2017:0931

https://access.redhat.com/errata/RHSA-2017:0932

https://access.redhat.com/errata/RHSA-2017:0933

https://bugzilla.redhat.com/show_bug.cgi?id=1402013

https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290

https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793

https://source.android.com/security/bulletin/2017-03-01.html

Details

Source: MITRE

Published: 2016-12-28

Updated: 2018-01-05

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.8.13 (inclusive)

Tenable Plugins

View all (45 total)

IDNameProductFamilySeverity
124988EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1535)NessusHuawei Local Security Checks
high
124821EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)NessusHuawei Local Security Checks
high
121664Photon OS 1.0: Linux PHSA-2017-0001NessusPhotonOS Local Security Checks
high
111850Photon OS 1.0: Libxml2 / Linux / Openssh PHSA-2017-0001 (deprecated)NessusPhotonOS Local Security Checks
high
102511Oracle Linux 7 : kernel (ELSA-2017-1842-1) (Stack Clash)NessusOracle Linux Local Security Checks
critical
101449Virtuozzo 7 : kernel / kernel-abi-whitelists / kernel-debug / etc (VZLSA-2017-0933)NessusVirtuozzo Local Security Checks
high
99938EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1072)NessusHuawei Local Security Checks
high
99937EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1071)NessusHuawei Local Security Checks
high
99599Virtuozzo 7 : readykernel-patch (VZA-2017-029)NessusVirtuozzo Local Security Checks
high
99386Oracle Linux 7 : kernel (ELSA-2017-0933-1)NessusOracle Linux Local Security Checks
high
99383CentOS 7 : kernel (CESA-2017:0933)NessusCentOS Local Security Checks
high
99351Scientific Linux Security Update : kernel on SL7.x x86_64 (20170412)NessusScientific Linux Local Security Checks
high
99346RHEL 7 : kernel (RHSA-2017:0933)NessusRed Hat Local Security Checks
high
99345RHEL 6 : MRG (RHSA-2017:0932)NessusRed Hat Local Security Checks
high
99344RHEL 7 : kernel-rt (RHSA-2017:0931)NessusRed Hat Local Security Checks
high
99333Oracle Linux 7 : kernel (ELSA-2017-0933)NessusOracle Linux Local Security Checks
high
99163OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)NessusOracleVM Local Security Checks
critical
99160Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3534)NessusOracle Linux Local Security Checks
high
97297SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)NessusSuSE Local Security Checks
critical
97274openSUSE Security Update : the Linux Kernel (openSUSE-2017-245)NessusSuSE Local Security Checks
critical
97205SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)NessusSuSE Local Security Checks
high
97189SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)NessusSuSE Local Security Checks
high
97138openSUSE Security Update : the Linux Kernel (openSUSE-2017-246)NessusSuSE Local Security Checks
critical
97097SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)NessusSuSE Local Security Checks
critical
96903SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)NessusSuSE Local Security Checks
critical
96603SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)NessusSuSE Local Security Checks
high
96519OracleVM 3.2 : Unbreakable / etc (OVMSA-2017-0006)NessusOracleVM Local Security Checks
high
96518OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0005)NessusOracleVM Local Security Checks
high
96517OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0004)NessusOracleVM Local Security Checks
high
96479Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3510)NessusOracle Linux Local Security Checks
high
96478Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3509)NessusOracle Linux Local Security Checks
high
96477Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3508)NessusOracle Linux Local Security Checks
high
96444Ubuntu 16.10 : linux-raspi2 vulnerabilities (USN-3170-2)NessusUbuntu Local Security Checks
high
96443Ubuntu 16.10 : linux vulnerabilities (USN-3170-1)NessusUbuntu Local Security Checks
high
96442Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3169-4)NessusUbuntu Local Security Checks
high
96441Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3169-3)NessusUbuntu Local Security Checks
high
96440Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3169-2)NessusUbuntu Local Security Checks
high
96439Ubuntu 16.04 LTS : linux vulnerabilities (USN-3169-1)NessusUbuntu Local Security Checks
high
96438Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3168-2)NessusUbuntu Local Security Checks
high
96437Ubuntu 14.04 LTS : linux vulnerabilities (USN-3168-1)NessusUbuntu Local Security Checks
high
96284Amazon Linux AMI : kernel (ALAS-2017-782)NessusAmazon Linux Local Security Checks
high
96188Debian DLA-772-1 : linux security updateNessusDebian Local Security Checks
critical
95778Fedora 23 : kernel (2016-5aff4a6bbc)NessusFedora Local Security Checks
high
95727Fedora 24 : kernel (2016-5cb5b4082d)NessusFedora Local Security Checks
high
95726Fedora 25 : kernel (2016-107f03cc00)NessusFedora Local Security Checks
high