CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 7.9%

Dear UCloud users:
A high-risk race-condition vulnerability has been confirmed in the Linux kernel. Exploiting it allows a low-privileged process to execute kernel code, so the impact is serious. Please check whether the kernel you are running is in the affected range, and upgrade promptly.
Scope of impact
CentOS 5 and 6: not affected
CentOS 7: not affected by default (affected once namespaces are enabled)
Ubuntu 12.04 and 14.04: affected
Debian 7 and 8: affected
Solution
Please back up your work before repairing the kernel, so that nothing is lost if something goes wrong after the kernel fix.
Vulnerability details
CVE-2016-8655: a race condition in the Linux kernel (net/packet/af_packet.c) can allow a low-privileged process to gain kernel code execution. The vulnerability has been present since as early as 2011 (v3.2-rc1) and was fixed in November 2016 in v4.9-rc8.
POC: https://www.exploit-db.com/exploits/40871/
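
A triage check for the range and the namespace condition above, added here as an example and not part of the UCloud advisory. It assumes "namespaces" means unprivileged user namespaces, and it compares only the upstream base version, so a distribution kernel that backported the fix still shows as in range; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: heuristic triage for CVE-2016-8655 (upstream v3.2-rc1 .. v4.9-rc7).

# in_upstream_range VERSION -> 0 in range, 1 outside, 2 unparsable.
in_upstream_range() {
    case "$1" in 4.9.0-rc[1-7]|4.9.0-rc[1-7][!0-9]*) return 0 ;; esac
    base=${1%%-*}                      # "3.13.0-24-generic" -> "3.13.0"
    case "$base" in *.*) ;; *) return 2 ;; esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 3 ] && [ "$minor" -ge 2 ] && return 0
    [ "$major" -eq 4 ] && [ "$minor" -lt 9 ] && return 0
    return 1
}

# userns_state [SYSCTL_DIR] -> prints enabled | disabled | unknown.
# Assumption: the advisory's "namespaces" condition is unprivileged user namespaces.
userns_state() {
    sys=${1:-/proc/sys}
    # Debian/Ubuntu switch: 0 turns unprivileged user namespaces off.
    f=$sys/kernel/unprivileged_userns_clone
    if [ -r "$f" ] && [ "$(cat "$f")" = 0 ]; then echo disabled; return 0; fi
    # Namespace count limit, where the kernel provides it: 0 turns them off.
    f=$sys/user/max_user_namespaces
    if [ -r "$f" ]; then
        if [ "$(cat "$f")" = 0 ]; then echo disabled; else echo enabled; fi
        return 0
    fi
    [ -r "$sys/kernel/unprivileged_userns_clone" ] && { echo enabled; return 0; }
    echo unknown
}

triage() {
    in_upstream_range "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "$1: upstream base is in the affected range; user namespaces:" \
                "$(userns_state "$2"); check the distro's fixed package version" ;;
        1) echo "$1: upstream base is outside the affected range" ;;
        *) echo "$1: could not parse kernel version" ;;
    esac
}

triage "$(uname -r)"
```

A result of "in the affected range" means the installed package version still has to be compared with the distribution's fixed build before concluding the host is vulnerable.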