CVE-2016-3134
published 2016-04-27CVE-2016-3134: The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a…
high8.4CVSS 3.0
AVLACLPRNUINSUCHIHAH
EXPLOIT
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 4.5.1-1 (bookworm) | linux 4.5.1-1 (bookworm) |
| android | — | — | |
| linux | linux_kernel | <= 4.5.2 | — |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 0 < 4.5.1-1 | 4.5.1-1 |
| linux | linux_kernel | >= 0 < 3.13.0-83.127 | 3.13.0-83.127 |
| novell | suse_linux_enterprise_debuginfo | — | — |
| novell | suse_linux_enterprise_desktop | — | — |
| novell | suse_linux_enterprise_live_patching | — | — |
| novell | suse_linux_enterprise_module_for_public_cloud | — | — |
| novell | suse_linux_enterprise_real_time_extension | — | — |
| novell | suse_linux_enterprise_server | — | — |
| novell | suse_linux_enterprise_server | — | — |
| novell | suse_linux_enterprise_software_development_kit | — | — |
| novell | suse_linux_enterprise_software_development_kit | — | — |
| novell | suse_linux_enterprise_workstation_extension | — | — |
CVSS provenance
nvdv3.08.4HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.4HIGH