CVE - CVE-2016-3134

CVE-ID
CVE-2016-3134	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://code.google.com/p/google-security-research/issues/detail?id=758 CONFIRM:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1317383 CONFIRM:https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309 CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html DEBIAN:DSA-3607 URL:http://www.debian.org/security/2016/dsa-3607 REDHAT:RHSA-2016:1847 URL:http://rhn.redhat.com/errata/RHSA-2016-1847.html REDHAT:RHSA-2016:1875 URL:http://rhn.redhat.com/errata/RHSA-2016-1875.html REDHAT:RHSA-2016:1883 URL:http://rhn.redhat.com/errata/RHSA-2016-1883.html SUSE:SUSE-SU-2016:1672 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html SUSE:SUSE-SU-2016:1690 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html SUSE:SUSE-SU-2016:1696 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html SUSE:SUSE-SU-2016:1764 URL:http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html SUSE:openSUSE-SU-2016:1641 URL:http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html SUSE:SUSE-SU-2016:1985 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html SUSE:SUSE-SU-2016:2000 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html SUSE:SUSE-SU-2016:2001 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html SUSE:SUSE-SU-2016:2002 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html SUSE:SUSE-SU-2016:2006 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html SUSE:SUSE-SU-2016:2007 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html SUSE:SUSE-SU-2016:2010 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html SUSE:SUSE-SU-2016:1961 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html SUSE:SUSE-SU-2016:1994 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html SUSE:SUSE-SU-2016:1995 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html SUSE:SUSE-SU-2016:2005 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html SUSE:SUSE-SU-2016:2009 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html SUSE:SUSE-SU-2016:2014 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html SUSE:SUSE-SU-2016:2074 URL:http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html UBUNTU:USN-3049-1 URL:http://www.ubuntu.com/usn/USN-3049-1 UBUNTU:USN-3050-1 URL:http://www.ubuntu.com/usn/USN-3050-1 UBUNTU:USN-2929-1 URL:http://www.ubuntu.com/usn/USN-2929-1 UBUNTU:USN-2929-2 URL:http://www.ubuntu.com/usn/USN-2929-2 UBUNTU:USN-2930-1 URL:http://www.ubuntu.com/usn/USN-2930-1 UBUNTU:USN-2930-2 URL:http://www.ubuntu.com/usn/USN-2930-2 UBUNTU:USN-2930-3 URL:http://www.ubuntu.com/usn/USN-2930-3 UBUNTU:USN-2931-1 URL:http://www.ubuntu.com/usn/USN-2931-1 UBUNTU:USN-2932-1 URL:http://www.ubuntu.com/usn/USN-2932-1 BID:84305 URL:http://www.securityfocus.com/bid/84305 SECTRACK:1036763 URL:http://www.securitytracker.com/id/1036763
Assigning CNA
N/A
Date Entry Created
20160313	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160313)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org