Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-8645

Опубликовано: 10 нояб. 2016
Источник: redhat
CVSS3: 6.2
CVSS2: 4.9
EPSS Низкий

Описание

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.

It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 as the code which can trigger the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2017:207701.08.2017
Red Hat Enterprise Linux 7kernelFixedRHSA-2017:184201.08.2017
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2017:266906.09.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=1393904kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c

EPSS

Процентиль: 8%
0.00033
Низкий

6.2 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-8645

CVSS3: 5.5
ubuntu
больше 8 лет назад

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.

nvd логотип

CVE-2016-8645

CVSS3: 5.5
nvd
больше 8 лет назад

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.

debian логотип

CVE-2016-8645

CVSS3: 5.5
debian
больше 8 лет назад

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncat ...

github логотип

GHSA-m4qp-vxp4-qpqr

CVSS3: 5.5
github
около 3 лет назад

The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.

suse-cvrf логотип

openSUSE-SU-2017:0458-1

suse-cvrf
больше 8 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 8%
0.00033
Низкий

6.2 Medium

CVSS3

4.9 Medium

CVSS2