Privilege Escalation Vulnerability in Linux Kernel Netfilter Subsystem
CVE-2016-3134

8.4HIGH

Key Information:

Vendor
Novell
Status
Suse Linux Enterprise Module For Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
Suse Linux Enterprise Desktop
Vendor
CVE Published:
27 April 2016

Summary

The netfilter subsystem within the Linux kernel does not appropriately validate certain offset fields, facilitating local users to exploit this vulnerability. This can potentially enable users to escalate privileges or induce a denial of service through heap memory corruption by leveraging the IPT_SO_SET_REPLACE setsockopt call. Distributions utilizing affected kernel versions are urged to apply patches promptly to mitigate such risks.

References

http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
https://github.com/torvalds/linux/commit/54d83fc74aa9ec72...
x_refsource_CONFIRM
https://code.google.com/p/google-security-research/issues...
x_refsource_MISC

CVSS V3.1

Score:
8.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.