CVE-2016-4557
moderate-risk
Published 2016-05-23
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.
Do I need to act?
18.6% chance of exploitation in next 30 days (EPSS score, higher than 81% of all CVEs)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 · High · LOCAL / LOW complexity
Affected Products (1)
Affected Vendors
References (18)
Vendor Advisory: http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
Third Party Advisory: https://bugs.chromium.org/p/project-zero/issues/detail?id=808
Third Party Advisory: https://bugs.debian.org/823603
Issue Tracking: https://bugzilla.redhat.com/show_bug.cgi?id=1334307
Third Party Advisory: https://www.exploit-db.com/exploits/40759/
49 / 100 · moderate-risk
Severity: 24/34 · High
Exploitability: 20/34 · Moderate
Exposure: 5/34 · Minimal