CVE-2016-8655

high-risk
Published 2016-12-08

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

Do I need to act?

!
38.3% chance of exploitation in next 30 days
EPSS score — higher than 62% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
3 public exploits available
44696, 40871, 47170
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (5)

Affected Vendors

Canonical Linux

References (68)

Patch http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac72...
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html
Third Party Advisory http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Co...
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0386.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0387.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2017-0402.html
Mailing List http://www.openwall.com/lists/oss-security/2016/12/06/1
Third Party Advisory http://www.securityfocus.com/bid/94692
Third Party Advisory http://www.securitytracker.com/id/1037403
Third Party Advisory http://www.securitytracker.com/id/1037968
Third Party Advisory http://www.ubuntu.com/usn/USN-3149-1
and 48 more references
60
/ 100
high-risk
Severity 24/34 · High
Exploitability 24/34 · High
Exposure 12/34 · Low