Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-10229

Опубликовано: 30 дек. 2015
Источник: redhat
CVSS3: 8.1
EPSS Низкий

Описание

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. This may create a kernel panic or memory corruption leading to privilege escalation.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code that introduced the flaw is not present in these products. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, Red Hat Enterprise MRG 2, and realtime kernels as these contain the fixed commit.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-662
https://bugzilla.redhat.com/show_bug.cgi?id=1439740kernel: net: Unsafe second checksum calculation in udp.c

EPSS

Процентиль: 81%
0.01664
Низкий

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2016-10229

CVSS3: 9.8
ubuntu
около 8 лет назад

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

nvd логотип

CVE-2016-10229

CVSS3: 9.8
nvd
около 8 лет назад

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

debian логотип

CVE-2016-10229

CVSS3: 9.8
debian
около 8 лет назад

udp.c in the Linux kernel before 4.5 allows remote attackers to execut ...

github логотип

GHSA-gm6m-fgmp-cp9x

CVSS3: 9.8
github
около 3 лет назад

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

fstec логотип

BDU:2017-00894

CVSS3: 9.8
fstec
больше 9 лет назад

Уязвимость компонента udp.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 81%
0.01664
Низкий

8.1 High

CVSS3

Уязвимость CVE-2016-10229