CVE-2016-5696

CWE-200 — Information Exposure CWE-20318 documents9 sources

Severity

4.8MEDIUM

EPSS

29.2%

top 3.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Android Linux Linux Kernel Oracle VM Server

Timeline

PublishedAug 6

Latest updateMay 13

Description

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 2.2 | Impact: 2.5

Affected Packages5 packages

▶NVDlinux/linux_kernel4.6.6

▶Debianlinux< 4.7.2-1+3

▶Ubuntulinux< 3.13.0-95.142

▶NVDgoogle/android7.0

▶NVDoracle/vm_server3.3, 3.4+1

Patches

Patch: git.kernel.org ↗Patch: github.com ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-26qg-wc7f-8867: net/ipv4/tcp_input↗2022-05-13

▶

OSV

linux vulnerabilities↗2016-08-29

▶

OSV

CVE-2016-5696: net/ipv4/tcp_input↗2016-08-06

▶

CVEList

CVE-2016-5696: net/ipv4/tcp_input↗2016-08-06

▶

📋Vendor Advisories

Android

CVE-2016-5696: Android Security Bulletin 2016-10-01 CVE: CVE-2016-5696 Severity: MEDIUM References: A-30809774 Upstream kernel↗2016-10-01

▶

Ubuntu

Linux kernel (Raspberry Pi 2) vulnerabilities↗2016-08-30

▶

Ubuntu

Linux kernel (Qualcomm Snapdragon) vulnerabilities↗2016-08-30

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2016-08-30

▶

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2016-08-29

▶

💬Community

Bugzilla

CVE-2016-5696 kernel: challenge ACK counter information disclosure. [fedora-all]↗2016-07-12

▶

Bugzilla

CVE-2016-5696 kernel: challenge ACK counter information disclosure.↗2016-07-12

▶