cbcvebase.
CVE-2016-4997
published 2016-07-03

CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EXPLOIT
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.

Affected

29 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debianlinux< linux 4.6.2-2 (bookworm)linux 4.6.2-2 (bookworm)
linuxlinux_kernel>= 0 < 4.6.2-24.6.2-2
linuxlinux_kernel>= 0 < 4.6.2-24.6.2-2
linuxlinux_kernel>= 0 < 4.6.2-24.6.2-2
linuxlinux_kernel>= 0 < 4.6.2-24.6.2-2
linuxlinux_kernel>= 0 < 3.13.0-91.1383.13.0-91.138
linuxlinux_kernel>= 0 < 4.4.0-28.474.4.0-28.47
linuxlinux_kernel>= 2.6.17 < 3.2.803.2.80
linuxlinux_kernel>= 3.11 < 3.12.623.12.62
linuxlinux_kernel>= 3.13 < 3.14.733.14.73
linuxlinux_kernel>= 3.15 < 3.16.373.16.37
linuxlinux_kernel>= 3.17 < 3.18.373.18.37
linuxlinux_kernel>= 3.19 < 4.1.284.1.28
linuxlinux_kernel>= 3.3 < 3.10.1033.10.103
linuxlinux_kernel>= 4.2 < 4.4.144.4.14
linuxlinux_kernel>= 4.5 < 4.6.34.6.3
novellsuse_linux_enterprise_desktop
novellsuse_linux_enterprise_live_patching
novellsuse_linux_enterprise_module_for_public_cloud
novellsuse_linux_enterprise_real_time_extension

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH