CVE-2016-7117

CVSS v3.1 9.8 (Critical)

CVSS v2.0 10 (High)

EPSS 3.81 % (92^th)

Affected Products 3

Advisories 31

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

Weaknesses

CWE-19: Data Processing Errors

CVE Status: PUBLISHED
CNA: Android (associated with Google Inc. or Open Handset Alliance)
Published Date: 2016-10-10 11:00:13
(8 years ago)
Updated Date: 2023-01-19 16:13:06
(20 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Debian Linux 7.0	cpe:2.3:o:debian:debian_linux:7.0

Configuration #2

	CPE23	From	Up To
Linux Kernel from 2.6.33 version and prior 3.2.80 version	cpe:2.3:o:linux:linux_kernel	>= 2.6.33	< 3.2.80
Linux Kernel from 3.3 version and prior 3.4.113 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.4.113
Linux Kernel from 3.5 version and prior 3.10.102 version	cpe:2.3:o:linux:linux_kernel	>= 3.5	< 3.10.102
Linux Kernel from 3.11 version and prior 3.12.59 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.59
Linux Kernel from 3.13 version and prior 3.14.67 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.14.67
Linux Kernel from 3.15 version and prior 3.16.35 version	cpe:2.3:o:linux:linux_kernel	>= 3.15	< 3.16.35
Linux Kernel from 3.17 version and prior 3.18.37 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 3.18.37
Linux Kernel from 3.19 version and prior 4.1.28 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.1.28
Linux Kernel from 4.2.0 version and prior 4.4.8 version	cpe:2.3:o:linux:linux_kernel	>= 4.2.0	< 4.4.8
Linux Kernel from 4.5.0 version and prior 4.5.2 version	cpe:2.3:o:linux:linux_kernel	>= 4.5.0	< 4.5.2

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts

Weaknesses

Affected Products

Canonical

Debian

Linux

Configuration #1

Configuration #2

Configuration #3