Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-16995 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write30 documents13 sources

Severity

7.8HIGHNVD

EPSS

82.8%

top 0.75%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Kernel Debian Linux Canonical Ubuntu Linux +1 more

Timeline

PublishedDec 27

Latest updateSep 5

Description

The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel4.9 — 4.9.72+1

▶Debianlinux/linux_kernel< 4.14.7-1+3

▶Ubuntulinux/linux_kernel< 4.4.0-119.143

▶debiandebian/linux< linux 4.14.7-1 (bookworm)

Also affects: Debian Linux 9.0, Ubuntu Linux 14.04, 16.04

🔴Vulnerability Details

GHSA

GHSA-45mv-5p9c-6w7c: The check_alu_op function in kernel/bpf/verifier↗2022-05-13

▶

OSV

linux-lts-xenial, linux-aws vulnerabilities↗2018-04-05

▶

OSV

linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities↗2018-04-04

▶

OSV

linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities↗2018-01-10

▶

OSV

CVE-2017-16995: The check_alu_op function in kernel/bpf/verifier↗2017-12-27

▶

💥Exploits & PoCs

Exploit-DB

Linux - BPF Sign Extension Local Privilege Escalation (Metasploit)↗2018-07-19

▶

Exploit-DB

Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation↗2018-07-10

▶

Exploit-DB

Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation↗2018-03-16

▶

Exploit-DB

Intel Active Management Technology - System Privileges↗2017-05-10

▶

Metasploit

Linux BPF Sign Extension Local Privilege Escalation↗

▶

🔍Detection Rules

YARA

Linux_Exploit_CVE_2017_16995_0c81a317↗

▶

YARA

Linux_Exploit_CVE_2017_16995_82816caa↗

▶

YARA

Linux_Exploit_CVE_2017_16995_5edb0181↗

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Intel Euclid) vulnerability↗2018-04-24

▶

Ubuntu

Linux kernel (Xenial HWE) vulnerabilities↗2018-04-05

▶

Ubuntu

Linux kernel vulnerabilities↗2018-04-04

▶

Ubuntu

Linux kernel (Raspberry Pi 2) vulnerabilities↗2018-01-10

▶

Ubuntu

Linux kernel (HWE) vulnerabilities↗2018-01-10

▶

📄Research Papers

arXiv

Rethinking Tamper-Evident Logging: A High-Performance, Co-Designed Auditing System↗2025-09-05

▶

arXiv

KernJC: Automated Vulnerable Environment Generation for Linux Kernel Vulnerabilities↗2024-09-24

▶

CTF

medium / README↗

▶

CTF

Bashed / README↗

▶

CTF

README↗

▶

💬Community

Bugzilla

CVE-2017-16995 kernel: memory corruption caused by BPF verifier bugs can allow for arbitrary code execution [fedora-all]↗2017-12-22

▶

Bugzilla

CVE-2017-16995 kernel: memory corruption caused by BPF verifier bugs can allow for arbitrary code execution↗2017-12-22

▶