CVE-2016-3841

Published: 08 Aug 2016
Source: redhat
CVSS3: 8.4
CVSS2: 6.9

Description

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

Report

This issue affects Red Hat Enterprise Linux 6 and 7 kernels. This issue was fixed in version 6 prior to this issue being raised. As this issue is rated as important, it has been scheduled to be fixed in a future version of Red Hat Enterprise Linux 7.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kernel | Not affected | | |
| Red Hat Enterprise MRG 2 | realtime-kernel | Affected | | |
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:0855 | 10.05.2016 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2016:2584 | 03.11.2016 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2016:2574 | 03.11.2016 |
| Red Hat Enterprise Linux 7.2 Extended Update Support | kernel | Fixed | RHSA-2016:2695 | 09.11.2016 |

Additional information

Status: Important
Defect: CWE-667
https://bugzilla.redhat.com/show_bug.cgi?id=1364971 kernel: use-after-free via crafted IPV6 sendmsg for raw / tcp / udp / l2tp sockets.

CVSS3: 8.4 High
CVSS2: 6.9 Medium

Related vulnerabilities

CVSS3: 7.3
ubuntu
almost 9 years ago

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

CVSS3: 7.3
nvd
almost 9 years ago

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

CVSS3: 7.3
debian
almost 9 years ago

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options dat ...

CVSS3: 7.3
github
about 3 years ago

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

CVSS3: 7.3
fstec
more than 9 years ago

A vulnerability in the IPv6 stack of the Linux kernel of the Android operating system that allows an attacker to cause a denial of service or escalate their privileges
