logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2016-9793

Description

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. #### Notes Author| Note ---|--- [sbeattie](<https://launchpad.net/~sbeattie>) | the overflows exist for SO_{SND|RCV}BUFFORCE, so it's possible for a process with CAP_NET_ADMIN to do this. However, the check for CAP_NET_ADMIN is via capable() *not* ns_capable(), so the process attempting this has to have CAP_NET_ADMIN in the init_ns; having it in a new user namespace (i.e. via unshare()) is not sufficient. Thus, this cannot be exploited by an unprivileged user dropping into an unprivileged user namespace. Hence the low priority.


Affected Package


OS OS Version Package Name Package Version
ubuntu 14.04 linux 3.13.0-107.154
ubuntu upstream linux 4.9~rc8
ubuntu 16.04 linux 4.4.0-59.80
ubuntu 16.10 linux 4.8.0-34.36
ubuntu upstream linux-armadaxp 4.9~rc8
ubuntu upstream linux-aws 4.9~rc8
ubuntu 16.04 linux-aws 4.4.0-1003.12
ubuntu upstream linux-flo 4.9~rc8
ubuntu upstream linux-gke 4.9~rc8
ubuntu upstream linux-goldfish 4.9~rc8
ubuntu upstream linux-grouper 4.9~rc8
ubuntu upstream linux-hwe 4.9~rc8
ubuntu upstream linux-hwe-edge 4.9~rc8
ubuntu upstream linux-linaro-omap 4.9~rc8
ubuntu upstream linux-linaro-shared 4.9~rc8
ubuntu upstream linux-linaro-vexpress 4.9~rc8
ubuntu upstream linux-lts-quantal 4.9~rc8
ubuntu upstream linux-lts-raring 4.9~rc8
ubuntu upstream linux-lts-saucy 4.9~rc8
ubuntu upstream linux-lts-trusty 4.9~rc8
ubuntu upstream linux-lts-utopic 4.9~rc8
ubuntu 14.04 linux-lts-vivid trusty was released [3.19.0-79.87~14.04.1]
ubuntu upstream linux-lts-vivid 4.9~rc8
ubuntu upstream linux-lts-wily 4.9~rc8
ubuntu 14.04 linux-lts-xenial 4.4.0-59.80~14.04.1
ubuntu upstream linux-lts-xenial 4.9~rc8
ubuntu upstream linux-maguro 4.9~rc8
ubuntu upstream linux-mako 4.9~rc8
ubuntu upstream linux-manta 4.9~rc8
ubuntu upstream linux-qcm-msm 4.9~rc8
ubuntu upstream linux-raspi2 4.9~rc8
ubuntu 16.04 linux-raspi2 4.4.0-1040.47
ubuntu 16.10 linux-raspi2 4.8.0-1022.25
ubuntu upstream linux-snapdragon 4.9~rc8
ubuntu 16.04 linux-snapdragon 4.4.0-1044.48
ubuntu 16.10 linux-snapdragon 4.4.0-1046.50
ubuntu upstream linux-ti-omap4 4.9~rc8

Related