PT-2016-2922 · Linux+5 · Linux Kernel+5

Rebel · Published 2016-12-02 · Updated 2025-09-29 · CVE-2016-8655

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 4.8.12

Description
The issue exists due to insufficient checking of a resource's state when it can be shared, allowing a local attacker to potentially gain privileges or cause a denial of service (use-after-free) by exploiting the CAP_NET_RAW capability to change a socket version. This is related to the packet_set_ring and packet_setsockopt functions.

Recommendations
For Linux kernel versions prior to 4.8.12, update to version 4.8.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CAP_NET_RAW capability to minimize the risk of exploitation.
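
Restricting CAP_NET_RAW starts with knowing what currently holds it. The Python script below is an added example, not part of the original advisory: it reads the CapEff mask from /proc/<pid>/status and lists processes whose effective set includes CAP_NET_RAW (bit 13 in linux/capability.h). The function names and the SAMPLE_* status texts are constructed for illustration.

```python
#!/usr/bin/env python3
"""Audit which processes hold CAP_NET_RAW in their effective capability set."""
import os
import re

CAP_NET_RAW = 13  # bit index of CAP_NET_RAW in <linux/capability.h>


def parse_status(text):
    """Return (name, effective_caps_mask) from /proc/<pid>/status text, or None."""
    name = re.search(r"^Name:\s*(.+)$", text, re.M)
    cap_eff = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", text, re.M)
    if not cap_eff:
        return None
    return (name.group(1) if name else "?", int(cap_eff.group(1), 16))


def has_net_raw(mask):
    """True when the CAP_NET_RAW bit is set in a capability mask."""
    return bool((mask >> CAP_NET_RAW) & 1)


def audit(proc_root="/proc"):
    """List (pid, name) for every process whose CapEff includes CAP_NET_RAW."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():  # skip non-process entries such as "self"
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                parsed = parse_status(fh.read())
        except OSError:  # process exited mid-scan or access was denied
            continue
        if parsed and has_net_raw(parsed[1]):
            hits.append((int(entry), parsed[0]))
    return sorted(hits)


# Constructed sample status texts (not captured from a real system).
SAMPLE_FULL = "Name:\tsshd\nCapEff:\t000001ffffffffff\n"   # full capability set
SAMPLE_RAW = "Name:\tping\nCapEff:\t0000000000002000\n"    # only CAP_NET_RAW
SAMPLE_NONE = "Name:\tbash\nCapEff:\t0000000000000000\n"   # unprivileged

if __name__ == "__main__":
    for pid, name in audit():
        print(f"{pid}\t{name}\tCAP_NET_RAW effective")
```

Run it as root to see every process; without privileges, status files it cannot read are skipped.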

Exploit · Fix · DoS · Race Condition · Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2016-2436
ALT-PU-2016-2437
BDU:2016-02353
CESA-2017_0386
CVE-2016-8655
DLA-772-1
ELSA-2017-0386
ELSA-2017-0386-1
ELSA-2017-3508
ELSA-2017-3509
MGASA-2016-0415
MGASA-2017-0003
MGASA-2017-0004
OPENSUSE-SU-2016_3050-1
OPENSUSE-SU-2016_3058-1
OPENSUSE-SU-2016_3061-1
OPENSUSE-SU-2016_3077-1
RHSA-2017:0386
RHSA-2017:0387
RHSA-2017:0402
RHSA-2017_0386
RHSA-2017_0387
SUSE-SU-2016:3039-1
SUSE-SU-2016:3049-1
SUSE-SU-2016:3063-1
SUSE-SU-2016:3093-1
SUSE-SU-2016:3094-1
SUSE-SU-2016:3096-1
SUSE-SU-2016:3098-1
SUSE-SU-2016:3100-1
SUSE-SU-2016:3104-1
SUSE-SU-2016:3109-1
SUSE-SU-2016:3111-1
SUSE-SU-2016:3112-1
SUSE-SU-2016:3113-1
SUSE-SU-2016:3116-1
SUSE-SU-2016:3117-1
SUSE-SU-2016:3119-1
SUSE-SU-2016:3169-1
SUSE-SU-2016:3183-1
SUSE-SU-2016:3197-1
SUSE-SU-2016:3205-1
SUSE-SU-2016:3206-1
SUSE-SU-2016:3247-1
SUSE-SU-2016:3249-1
SUSE-SU-2016_3039-1
SUSE-SU-2016_3049-1
SUSE-SU-2016_3063-1
SUSE-SU-2016_3109-1
SUSE-SU-2016_3111-1
SUSE-SU-2016_3112-1
SUSE-SU-2016_3113-1
SUSE-SU-2016_3119-1
SUSE-SU-2016_3197-1
SUSE-SU-2016_3247-1
SUSE-SU-2016_3249-1
SUSE-SU-2017:0407-1
USN-3149-1
USN-3149-2
USN-3150-1
USN-3150-2
USN-3151-1
USN-3151-2
USN-3151-3
USN-3151-4
USN-3152-1
USN-3152-2

Affected Products

Alt Linux
CentOS
Linux Kernel
Red Hat
SUSE
Ubuntu