1. Home
  2. Vulnerabilities
  3. CVE-2016-9793

CVE-2016-9793

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.04 % (17th)
0.04% Progress
Affected Products 1
Advisories 26
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.

Weaknesses
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2016-12-28 07:59:00
(7 years ago)
Updated Date
2023-01-17 21:05:19
(20 months ago)

Affected Products

Linux

Configuration #1

    CPE23 From Up To
  Linux Kernel from 3.5 version and prior 3.12.69 version cpe:2.3:o:linux:linux_kernel >= 3.5 < 3.12.69
  Linux Kernel from 3.13 version and prior 3.16.40 version cpe:2.3:o:linux:linux_kernel >= 3.13 < 3.16.40
  Linux Kernel from 3.17 version and prior 3.18.52 version cpe:2.3:o:linux:linux_kernel >= 3.17 < 3.18.52
  Linux Kernel from 3.19 version and prior 4.1.50 version cpe:2.3:o:linux:linux_kernel >= 3.19 < 4.1.50
  Linux Kernel from 4.2 version and prior 4.4.38 version cpe:2.3:o:linux:linux_kernel >= 4.2 < 4.4.38
  Linux Kernel from 4.5 version and prior 4.8.14 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.8.14