PT-2016-7227 · Linux+4 · Linux Kernel+4

Dmitry Vyukov · Published 2016-04-21 · Updated 2023-01-19 · CVE-2016-7117

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 4.5.2

Description

The issue is a use-after-free vulnerability in the __sys_recvmmsg function, located in the net/socket.c file of the Linux kernel. Remote attackers can exploit it to execute arbitrary code through vectors involving a recvmmsg system call that is mishandled during error processing.

Recommendations

For Linux kernel versions prior to 4.5.2, update to version 4.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the recvmmsg system call to minimize the risk of exploitation.

Fix

RCE

Weakness Enumeration

Related identifiers

ALT-PU-2016-1352
ALT-PU-2016-1485
CESA-2017_0036
CESA-2017_0086
CVE-2016-7117
OPENSUSE-SU-2016_2625-1
OPENSUSE-SU-2017_0456-1
OPENSUSE-SU-2017_0458-1
RHSA-2016:2962
RHSA-2016_2962
RHSA-2017:0031
RHSA-2017:0036
RHSA-2017:0065
RHSA-2017:0086
RHSA-2017:0091
RHSA-2017:0113
RHSA-2017:0196
RHSA-2017:0215
RHSA-2017:0216
RHSA-2017:0217
RHSA-2017:0270
RHSA-2017_0036
RHSA-2017_0086
RHSA-2017_0091
SUSE-SU-2016:2976-1
SUSE-SU-2016:3093-1
SUSE-SU-2016:3094-1
SUSE-SU-2016:3098-1
SUSE-SU-2016:3100-1
SUSE-SU-2016:3104-1
SUSE-SU-2016:3109-1
SUSE-SU-2016:3111-1
SUSE-SU-2016:3112-1
SUSE-SU-2016:3119-1
SUSE-SU-2016:3249-1
SUSE-SU-2017:0333-1
SUSE-SU-2017:0494-1
SUSE-SU-2017:0575-1
SUSE-SU-2017:1102-1
SUSE-SU-2017:1247-1
SUSE-SU-2017:1360-1
SUSE-SU-2017:1990-1
SUSE-SU-2017:2342-1
USN-3126-1
USN-3126-2

Affected products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE