CVE - CVE-2016-8655

CVE-ID
CVE-2016-8655	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1037403 URL:http://www.securitytracker.com/id/1037403 MISC:1037968 URL:http://www.securitytracker.com/id/1037968 MISC:40871 URL:https://www.exploit-db.com/exploits/40871/ MISC:44696 URL:https://www.exploit-db.com/exploits/44696/ MISC:94692 URL:http://www.securityfocus.com/bid/94692 MISC:RHSA-2017:0386 URL:http://rhn.redhat.com/errata/RHSA-2017-0386.html MISC:RHSA-2017:0387 URL:http://rhn.redhat.com/errata/RHSA-2017-0387.html MISC:RHSA-2017:0402 URL:http://rhn.redhat.com/errata/RHSA-2017-0402.html MISC:SUSE-SU-2016:3096 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html MISC:SUSE-SU-2016:3113 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html MISC:SUSE-SU-2016:3116 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html MISC:SUSE-SU-2016:3117 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html MISC:SUSE-SU-2016:3169 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html MISC:SUSE-SU-2016:3183 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html MISC:SUSE-SU-2016:3197 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html MISC:SUSE-SU-2016:3205 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html MISC:SUSE-SU-2016:3206 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html MISC:SUSE-SU-2016:3247 URL:http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html MISC:USN-3149-1 URL:http://www.ubuntu.com/usn/USN-3149-1 MISC:USN-3149-2 URL:http://www.ubuntu.com/usn/USN-3149-2 MISC:USN-3150-1 URL:http://www.ubuntu.com/usn/USN-3150-1 MISC:USN-3150-2 URL:http://www.ubuntu.com/usn/USN-3150-2 MISC:USN-3151-1 URL:http://www.ubuntu.com/usn/USN-3151-1 MISC:USN-3151-2 URL:http://www.ubuntu.com/usn/USN-3151-2 MISC:USN-3151-3 URL:http://www.ubuntu.com/usn/USN-3151-3 MISC:USN-3151-4 URL:http://www.ubuntu.com/usn/USN-3151-4 MISC:USN-3152-1 URL:http://www.ubuntu.com/usn/USN-3152-1 MISC:USN-3152-2 URL:http://www.ubuntu.com/usn/USN-3152-2 MISC:[oss-security] 20161206 CVE-2016-8655 Linux af_packet.c race condition (local root) URL:http://www.openwall.com/lists/oss-security/2016/12/06/1 MISC:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c URL:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c MISC:http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html URL:http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1400019 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1400019 MISC:https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c URL:https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c MISC:https://source.android.com/security/bulletin/2017-03-01.html URL:https://source.android.com/security/bulletin/2017-03-01.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20161012	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20161012)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)