CVE-2016-10229

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.5 PAN-OS versions 6.1.17 and earlier, 7.0, 7.1.10 and earlier, 8.0.2 and earlier

Description The issue allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG PEEK flag. This is due to an incorrect implementation of security checks for standard elements in the udp.c component of the Linux kernel. Successful exploitation of this issue requires an attacker to be on the management network.

Recommendations For Linux kernel versions prior to 4.5, update to version 4.5 or later to resolve the issue. For PAN-OS versions 6.1.17 and earlier, 7.0, 7.1.10 and earlier, 8.0.2 and earlier, apply the relevant patch or update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the management network to minimize the risk of exploitation.