Denial of Service Vulnerability in Linux Kernel IPv4 Implementation
CVE-2016-3156

5.5MEDIUM

Key Information:

Vendor

Novell
Status
Suse Linux Enterprise Module For Public Cloud
Suse Linux Enterprise Server
Suse Linux Enterprise Live Patching
Suse Linux Enterprise Real Time Extension
Vendor
CVE Published:
27 April 2016

What is CVE-2016-3156?

A vulnerability in the IPv4 implementation of the Linux kernel allows users of a guest operating system to manipulate the destruction of device objects. By doing so, they can create a large number of IP addresses that could lead to denial of service situations for the host operating system, resulting in networking outages. This issue affects versions of the Linux kernel prior to 4.5.2 and poses a significant risk in multi-tenant environments where resource management and isolation are crucial.

References

http://www.ubuntu.com/usn/USN-2971-2
vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
https://bugzilla.redhat.com/show_bug.cgi?id=1318172
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.