CVE-2016-4998

CVSS v3.0 7.1 (High)

CVSS v2.0 5.6 (Medium)

EPSS 0.04 % (11^th)

Affected Products 3

Advisories 24

The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2016-07-03 21:59:17
(8 years ago)
Updated Date: 2023-02-12 23:22:41
(19 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel 4.5.5 and prior versions	cpe:2.3:o:linux:linux_kernel		<= 4.5.5

Configuration #2

		CPE23	From	Up To
	Oracle Linux 7	cpe:2.3:o:oracle:linux:7

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 15.10	cpe:2.3:o:canonical:ubuntu_linux:15.10
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts

Weaknesses

Affected Products

Canonical

Linux

Oracle

Configuration #1

Configuration #2

Configuration #3