CVE-2016-3135
published 2016-04-27
Priority P342 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 1.01% (58.7th percentile)
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 4.4.6-1 (bookworm) | linux 4.4.6-1 (bookworm) |
| linux | linux_kernel | >= 0 < 4.4.6-1 | 4.4.6-1 |
| linux | linux_kernel | >= 0 < 4.4.6-1 | 4.4.6-1 |
| linux | linux_kernel | >= 0 < 4.4.6-1 | 4.4.6-1 |
| linux | linux_kernel | >= 0 < 4.4.6-1 | 4.4.6-1 |
| linux | linux_kernel | >= 0 < 4.4.0-34.53 | 4.4.0-34.53 |
| linux | linux_kernel | >= 4.2 < 4.4.21 | 4.4.21 |
| linux | linux_kernel | >= 4.5 < 4.6 | 4.6 |
CVSS provenance
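| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |
| vendor_ubuntu | — | 7.8 | HIGH | — |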
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could use thi
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could use this to cause a
deni
Ubuntu
Linux kernel (Qualcomm Snapdragon) vulnerabilities
vendor_ubuntu·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] Linux kernel (Qualcomm Snapdragon) vulnerabilities
Title: Linux kernel (Qualcomm Snapdragon) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could us
Ubuntu
Linux kernel (Xenial HWE) vulnerabilities
vendor_ubuntu·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] Linux kernel (Xenial HWE) vulnerabilities
Title: Linux kernel (Xenial HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could use this to
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2016-03-16·CVSS 4.6
CVE-2015-7566 [MEDIUM] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel
Ubuntu
Linux kernel (Wily HWE) vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 4.6
CVE-2015-7566 [MEDIUM] Linux kernel (Wily HWE) vulnerabilities
Title: Linux kernel (Wily HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did no
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-03-14·CVSS 4.6
CVE-2015-7566 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly
Red Hat
kernel: netfilter: size overflow in x_tables
vendor_redhat·2016-03-10·CVSS 7.8
CVE-2016-3135 [HIGH] CWE-190 kernel: netfilter: size overflow in x_tables
kernel: netfilter: size overflow in x_tables
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
An integer overflow vulnerability was found in the Linux kernel in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, as the code with the flaw is not present in the products listed.
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2, as 3
Debian
CVE-2016-3135: linux - Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c...
vendor_debian·2016·CVSS 7.8
CVE-2016-3135 [HIGH] CVE-2016-3135: linux - Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c...
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
Scope: local
bookworm: resolved (fixed in 4.4.6-1)
bullseye: resolved (fixed in 4.4.6-1)
forky: resolved (fixed in 4.4.6-1)
sid: resolved (fixed in 4.4.6-1)
trixie: resolved (fixed in 4.4.6-1)
GHSA
GHSA-j2qg-x8p3-53x6: Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables
ghsa_unreviewed·2022-05-17
CVE-2016-3135 [HIGH] GHSA-j2qg-x8p3-53x6: Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
OSV
linux vulnerabilities
osv·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] linux vulnerabilities
linux vulnerabilities
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code with
admin
OSV
linux-lts-xenial vulnerabilities
osv·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] linux-lts-xenial vulnerabilities
linux-lts-xenial vulnerabilities
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code
OSV
linux-snapdragon vulnerabilities
osv·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] linux-snapdragon vulnerabilities
linux-snapdragon vulnerabilities
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code
OSV
linux-raspi2 vulnerabilities
osv·2016-08-10·CVSS 7.8
CVE-2016-3135 [HIGH] linux-raspi2 vulnerabilities
linux-raspi2 vulnerabilities
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
It was discovered that the keyring implementation in the Linux kernel did
not ensure a data structure was initialized before referencing it after an
error condition occurred. A local attacker could use this to cause a denial
of service (system crash). (CVE-2016-4470)
Sasha Levin discovered that a use-after-free existed in the percpu
allocator in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code wit
OSV
CVE-2016-3135: Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables
osv·2016-04-27·CVSS 7.8
CVE-2016-3135 [HIGH] CVE-2016-3135: Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables
Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
OSV
linux-lts-wily vulnerabilities
osv·2016-03-14·CVSS 4.6
CVE-2016-3134 [MEDIUM] linux-lts-wily vulnerabilities
linux-lts-wily vulnerabilities
Ben Hawkes discovered that the Linux netfilter implementation did not
correctly perform validation when handling IPT_SO_SET_REPLACE events. A
local unprivileged attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code with administrative
privileges. (CVE-2016-3134)
Ben Hawkes discovered an integer overflow in the Linux netfilter
implementation. On systems running 32 bit kernels, a local unprivileged
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code with administrative privileges.
(CVE-2016-3135)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with p
No detection rules found.
Bugzilla
CVE-2016-3135 kernel: netfilter: size overflow in x_tables
bugzilla·2016-03-14·CVSS 7.8
CVE-2016-3135 [HIGH] CVE-2016-3135 kernel: netfilter: size overflow in x_tables
CVE-2016-3135 kernel: netfilter: size overflow in x_tables
An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption.
Proposed fix:
patch v1 message: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
patch v1 thread: http://marc.info/?t=145757149700001&r=1&w=2
patch v2 message: http://marc.info/?l=netfilter-devel&m=145800533813758&w=2 (in netfilter-devel)
patch v2 message: http://marc.info/?l=linux-netdev&m=145800538413781&w=2 (in linux-netdev)
CVE request and assignment:
http://seclists.org/oss-sec/2016/q1/581
http://seclists.org/oss-sec/2016/q1/619
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1317387]
---
Statement:
T
Bugzilla
CVE-2016-3135 kernel: netfilter: size overflow in x_tables [fedora-all]
bugzilla·2016-03-14·CVSS 7.8
CVE-2016-3135 [HIGH] CVE-2016-3135 kernel: netfilter: size overflow in x_tables [fedora-all]
CVE-2016-3135 kernel: netfilter: size overflow in x_tables [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1
http://www.securityfocus.com/bid/84305
http://www.ubuntu.com/usn/USN-2930-1
http://www.ubuntu.com/usn/USN-2930-2
http://www.ubuntu.com/usn/USN-2930-3
http://www.ubuntu.com/usn/USN-3054-1
http://www.ubuntu.com/usn/USN-3055-1
http://www.ubuntu.com/usn/USN-3056-1
http://www.ubuntu.com/usn/USN-3057-1
https://bugzilla.redhat.com/show_bug.cgi?id=1317386
https://code.google.com/p/google-security-research/issues/detail?id=758
https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1