The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4

rhn.redhat.com/errata/RHSA-2017-0036.html

rhn.redhat.com/errata/RHSA-2017-0086.html

rhn.redhat.com/errata/RHSA-2017-0091.html

rhn.redhat.com/errata/RHSA-2017-0113.html

www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5

www.openwall.com/lists/oss-security/2016/08/15/1

www.securityfocus.com/bid/92452

bugzilla.redhat.com/show_bug.cgi?id=1367091

github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4

marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html

source.android.com/security/bulletin/2016-11-01.html

fedora 4

cvelist 1

zdt 1

nessus 47

debiancve 1

packetstorm 1

ubuntucve 1

exploitpack 1

veracode 1

amazon 1

android 1

openvas 32

redhatcve 1

f5 1

nvd 1

cve 1

exploitdb 1

mageia 3

centos 2

ubuntu 8

redhat 4

oraclelinux 6

cloudfoundry 1

virtuozzo 3

debian 3

osv 2

ibm 4

suse 10

androidsecurity 1

lenovo 1

fedora

[SECURITY] Fedora 23 Update: kernel-4.6.7-200.fc23

2016-08-23 15:24:07

[SECURITY] Fedora 24 Update: kernel-4.6.7-300.fc24

2016-08-23 12:51:13

[SECURITY] Fedora 23 Update: kernel-4.7.2-101.fc23

2016-09-02 23:22:48

cvelist

CVE-2016-6828

2016-10-16 21:00:00

zdt

Linux Kernel - TCP Related Read Use-After-Free Exploit

2016-11-08 00:00:00

nessus

Amazon Linux AMI : kernel (ALAS-2016-740)

2016-09-02 00:00:00

F5 Networks BIG-IP : Kernel vulnerability (K62442245)

2019-03-06 00:00:00

Fedora 24 : kernel (2016-5e24d8c350)

2016-08-24 00:00:00

debiancve

CVE-2016-6828

2016-10-16 21:59:08

packetstorm

Linux Kernel TCP Related Read Use-After-Free

2016-11-09 00:00:00

ubuntucve

CVE-2016-6828

2016-08-18 00:00:00

exploitpack

Linux Kernel - TCP Related Read Use-After-Free

2016-08-18 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:14:58

amazon

Medium: kernel

2016-09-01 18:00:00

android

CVE-2016-6828

2016-11-01 00:00:00

openvas

Amazon Linux: Security Advisory (ALAS-2016-740)

2016-10-26 00:00:00

Fedora Update for kernel FEDORA-2016-723350dd75

2016-08-26 00:00:00

Fedora Update for kernel FEDORA-2016-5e24d8c350

2016-08-26 00:00:00

redhatcve

CVE-2016-6828

2016-08-18 21:03:31

K62442245 : Kernel vulnerability CVE-2016-6828

2016-12-21 00:00:00

nvd

CVE-2016-6828

2016-10-16 21:59:08

cve

CVE-2016-6828

2016-10-16 21:59:08

exploitdb

Linux Kernel - TCP Related Read Use-After-Free

2016-08-18 00:00:00

mageia

Updated kernel packages fixes security vulnerabilities

2016-10-20 22:31:18

Updated kernel-tmb package fixes security issues

2016-11-04 11:43:04

Update request kernel-linus-4.4.26-1 fixes security issues

2016-11-04 10:58:56

centos

kernel, perf, python security update

2017-01-19 13:30:14

kernel, perf, python security update

2017-01-12 15:47:38

ubuntu

Linux kernel (OMAP4) vulnerabilities

2016-10-13 00:00:00

Linux kernel (Xenial HWE) vulnerabilities

2016-10-11 00:00:00

Linux kernel (Qualcomm Snapdragon) vulnerabilities

2016-10-11 00:00:00

redhat

(RHSA-2017:0091) Important: kernel-rt security and bug fix update

2017-01-17 15:24:41

(RHSA-2017:0036) Important: kernel security and bug fix update

2017-01-10 16:12:05

(RHSA-2017:0086) Important: kernel security, bug fix, and enhancement update

2017-01-17 15:24:29

oraclelinux

kernel security, bug fix, and enhancement update

2017-01-17 00:00:00

kernel security and bug fix update

2017-01-10 00:00:00

Unbreakable Enterprise kernel security update

2017-01-12 00:00:00

cloudfoundry

USN-3099-2 Linux kernel vulnerabilities | Cloud Foundry

2016-10-01 00:00:00

virtuozzo

Critical kernel security update: vulnerability fixes CVE-2016-7910, CVE-2016-7911 (and other), new kernel 2.6.32-042stab120.11

2016-11-21 00:00:00

Kernel security update: new kernel 2.6.32-042stab123.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

2017-03-30 00:00:00

Kernel security update: new kernel 2.6.32-042stab123.1, Virtuozzo 6.0 Update 12 Hotfix 7 (6.0.12-)

2017-03-30 00:00:00

debian

[SECURITY] [DSA 3659-1] linux security update

2016-09-04 17:24:55

[SECURITY] [DSA 3659-1] linux security update

2016-09-04 17:24:55

[SECURITY] [DLA 609-1] linux security update

2016-09-03 11:53:47

osv

linux - security update

2016-09-04 00:00:00

linux - security update

2016-09-03 00:00:00

ibm

Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities

2018-06-16 22:03:36

Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

2018-06-18 01:37:19

Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel

2018-06-16 22:02:07

suse

Security update for the Linux Kernel (important)

2016-12-09 18:11:19

Security update for the Linux Kernel (important)

2016-12-06 13:08:43

Security update for the Linux Kernel (important)

2016-10-25 19:06:08

androidsecurity

Android Security Bulletin—November 2016

2016-11-07 00:00:00

lenovo

AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US

2020-04-13 19:22:04

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.4

Confidence

Low

EPSS

Percentile

15.7%

JSON

Related for PRION:CVE-2016-6828