Lucene search

K
cve[email protected]CVE-2016-9806
HistoryDec 28, 2016 - 7:59 a.m.

CVE-2016-9806

2016-12-2807:59:00
CWE-415
CWE-362
web.nvd.nist.gov
121
cve-2016-9806
linux kernel
netlink
race condition
denial of service
double free
nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

5.1%

Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.

Affected configurations

NVD
Node
linuxlinux_kernelRange3.123.12.62
OR
linuxlinux_kernelRange3.133.14.73
OR
linuxlinux_kernelRange3.153.16.37
OR
linuxlinux_kernelRange3.173.18.37
OR
linuxlinux_kernelRange3.194.1.28
OR
linuxlinux_kernelRange4.24.4.14
OR
linuxlinux_kernelRange4.54.6.3

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0

Percentile

5.1%