CVE-2016-3134

high-risk

Published 2016-04-27

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

39545

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (16)

Suse Linux Enterprise Software Development Kit

Suse Linux Enterprise Debuginfo

Suse Linux Enterprise Desktop

Suse Linux Enterprise Live Patching

Suse Linux Enterprise Server

Suse Linux Enterprise Workstation Extension

Linux Kernel

Suse Linux Enterprise Software Development Kit

Suse Linux Enterprise Module For Public Cloud

Suse Linux Enterprise Real Time Extension

Suse Linux Enterprise Server

Affected Vendors

Linux Novell

References (82)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83f...

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00056.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html

and 62 more references

/ 100

high-risk

Severity 26/34 · High

Exploitability 7/34 · Low

Exposure 18/34 · Moderate