CVE-2016-3134

8.4HIGH

Key Information:

Vendor: Novell
Status: Suse Linux Enterprise Module For Public Cloud; Suse Linux Enterprise Server; Suse Linux Enterprise Live Patching; Suse Linux Enterprise Desktop
Vendor: CVE Published:; 27 April 2016

Summary

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

References

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

https://github.com/torvalds/linux/commit/54d83fc74aa9ec72...

x_refsource_CONFIRM

https://code.google.com/p/google-security-research/issues...

x_refsource_MISC

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 27, 2016
Vulnerability Reserved
Mar 13, 2016

Collectors

NVD DatabaseMitre Database