CVE-2016-10229

CVSS v3.1 9.8 (Critical)

CVSS v2.0 10 (High)

EPSS 3.47 % (92^th)

Affected Products 2

Advisories 4

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

Weaknesses

CWE-358: Improperly Implemented Security Check for Standard

CVE Status: PUBLISHED
CNA: Android (associated with Google Inc. or Open Handset Alliance)
Published Date: 2017-04-04 05:59:00
(7 years ago)
Updated Date: 2022-11-03 20:19:56
(22 months ago)

Affected Products

Google

Android

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 3.2 version and prior 3.2.76 version	cpe:2.3:o:linux:linux_kernel	>= 3.2	< 3.2.76
Linux Kernel from 3.3 version and prior 3.4.113 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.4.113
Linux Kernel from 3.5 version and prior 3.10.103 version	cpe:2.3:o:linux:linux_kernel	>= 3.5	< 3.10.103
Linux Kernel from 3.11 version and prior 3.12.53 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.53
Linux Kernel from 3.13 version and prior 3.14.77 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.14.77
Linux Kernel from 3.15 version and prior 3.16.35 version	cpe:2.3:o:linux:linux_kernel	>= 3.15	< 3.16.35
Linux Kernel from 3.17 version and prior 3.18.45 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 3.18.45
Linux Kernel from 3.19 version and prior 4.1.40 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.1.40
Linux Kernel from 4.2 version and prior 4.4.21 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.21

Configuration #2

		CPE23	From	Up To
	Google Android 7.1.1 and prior versions	cpe:2.3:o:google:android		<= 7.1.1