Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-4997

CWE-264 CWE-20 — Improper Input Validation29 documents9 sources

Severity

7.8HIGH

EPSS

6.4%

top 9.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel Canonical Ubuntu Linux Debian Debian Linux +8 more

Timeline

PublishedJul 3

Latest updateMay 13

Description

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

▶NVDlinux/linux_kernel2.6.17 — 3.2.80+8

▶Debianlinux< 4.6.2-2+3

▶Ubuntulinux< 3.13.0-91.138+1

▶Ubuntulinux-raspi2< 4.4.0-1016.22

▶Ubuntulinux-lts-vivid< 3.19.0-64.72~14.04.1

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-qc28-hwmc-pw94: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4↗2022-05-13

▶

OSV

CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4↗2016-07-03

▶

CVEList

CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4↗2016-07-03

▶

OSV

linux vulnerabilities↗2016-06-27

▶

OSV

linux-snapdragon vulnerabilities↗2016-06-27

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 4.6.2 (Ubuntu 16.04.1) - 'IP6T_SO_SET_REPLACE' Local Privilege Escalation↗2016-10-10

▶

Exploit-DB

Linux Kernel 4.6.3 (x86) - 'Netfilter' Local Privilege Escalation (Metasploit)↗2016-09-27

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2017-06-21

▶

Ubuntu

Linux kernel (Wily HWE) vulnerabilities↗2016-06-27

▶

Ubuntu

Linux kernel (Vivid HWE) vulnerabilities↗2016-06-27

▶

Ubuntu

Linux kernel (Qualcomm Snapdragon) vulnerabilities↗2016-06-27

▶

Ubuntu

Linux kernel vulnerabilities↗2016-06-27

▶

💬Community

Bugzilla

CVE-2016-4997 compat IP6T_SO_SET_REPLACE setsockopt↗2016-10-10

▶

Bugzilla

CVE-2016-4997 kernel: compat IPT_SO_SET_REPLACE setsockopt [fedora-all]↗2016-06-28

▶

Bugzilla

CVE-2016-4997 kernel: compat IPT_SO_SET_REPLACE setsockopt↗2016-06-24

▶