CVE-2016-8655
Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
Condición de carrera en net/packet/af_packet.c en el kernel de Linux hasta la versión 4.8.12 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) aprovechando la capacidad CAP_NET_RAW de cambiar una versión socket, relacionado con las funciones packet_set_ring y packet_setsockopt.
A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-12 CVE Reserved
- 2016-12-06 CVE Published
- 2016-12-08 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-416: Use After Free
CAPEC
References (38)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html | Third Party Advisory | |
http://www.openwall.com/lists/oss-security/2016/12/06/1 | Mailing List | |
http://www.securityfocus.com/bid/94692 | Third Party Advisory | |
http://www.securitytracker.com/id/1037403 | Third Party Advisory | |
http://www.securitytracker.com/id/1037968 | Third Party Advisory | |
https://source.android.com/security/bulletin/2017-03-01.html | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/44696 | 2024-08-06 | |
https://www.exploit-db.com/exploits/40871 | 2024-08-06 | |
https://www.exploit-db.com/exploits/47170 | 2018-12-29 | |
https://github.com/LakshmiDesai/CVE-2016-8655 | 2016-12-08 | |
https://github.com/KosukeShimofuji/CVE-2016-8655 | 2016-12-12 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.2 < 3.2.85 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 3.2.85" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.10.106 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.106" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.69 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.69" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.40" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.46 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.46" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.37" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.38 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.38" | - |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.8.14 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.8.14" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.10" | - |
Affected
|