PT-2016-6212 · Linux+5 · Linux Kernel+5

Adam Mariš

Published

2016-06-02

Updated

2024-06-15

CVE-2016-4998

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.6

Description The issue allows local users to cause a denial of service or possibly obtain sensitive information from kernel heap memory by providing a crafted offset value. This is achieved by leveraging in-container root access, which leads to crossing a ruleset blob boundary in the netfilter subsystem.

Recommendations For Linux kernel versions prior to 4.6, update to version 4.6 or later to resolve the issue. As a temporary workaround, consider restricting in-container root access to minimize the risk of exploitation.

Exploit

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2016-1572

ALT-PU-2017-1330

CESA-2016_1847

CESA-2017_0036

CVE-2016-4998

DSA-3607-1

MGASA-2016-0271

MGASA-2016-0283

MGASA-2016-0284

OPENSUSE-SU-2016_2184-1

OPENSUSE-SU-2016_2290-1

OPENSUSE-SU-2017_1140-1

OPENSUSE-SU-2024:10128-1

RHSA-2016:1847

RHSA-2016:1875

RHSA-2016:1883

RHSA-2016_1847

RHSA-2016_1875

RHSA-2017:0036

RHSA-2017_0036

SUSE-SU-2016_1709-1

SUSE-SU-2016_1710-1

USN-3016-1

USN-3016-2

USN-3016-3

USN-3016-4

USN-3017-1

USN-3017-2

USN-3017-3

USN-3018-1

USN-3018-2

USN-3019-1

USN-3020-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2016-6212 · Linux+5 · Linux Kernel+5

CVE-2016-4998

Weakness Enumeration

Related Identifiers

Affected Products

References · 164