CVE-2016-8655

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.8.12

Description The issue exists due to insufficient checking of a resource's state when it can be shared, allowing a local attacker to potentially gain privileges or cause a denial of service (use-after-free) by exploiting the CAP NET RAW capability to change a socket version. This is related to the packet set ring and packet setsockopt functions.

Recommendations For Linux kernel versions prior to 4.8.12, update to version 4.8.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CAP NET RAW capability to minimize the risk of exploitation.