CVE-2016-3134

8.4HIGH

Key Information

Vendor
Novell
Status
Suse Linux Enterprise Module For Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
Suse Linux Enterprise Desktop
Vendor
CVE Published:
27 April 2016

Summary

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database
.