CVE-2016-8655

Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation

  • Severity Score: 7.8 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 5 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

A race condition in net/packet/af_packet.c in the Linux kernel through version 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

  • Attack Vector: Local
  • Attack Complexity: Medium
  • Authentication: Single
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2016-10-12 CVE Reserved
  • 2016-12-06 CVE Published
  • 2016-12-08 First Exploit
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE-416: Use After Free
CAPEC
References (38)
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html 2023-02-12
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html 2023-02-12
http://rhn.redhat.com/errata/RHSA-2017-0386.html 2023-02-12
http://rhn.redhat.com/errata/RHSA-2017-0387.html 2023-02-12
http://rhn.redhat.com/errata/RHSA-2017-0402.html 2023-02-12
http://www.ubuntu.com/usn/USN-3149-1 2023-02-12
http://www.ubuntu.com/usn/USN-3149-2 2023-02-12
http://www.ubuntu.com/usn/USN-3150-1 2023-02-12
http://www.ubuntu.com/usn/USN-3150-2 2023-02-12
http://www.ubuntu.com/usn/USN-3151-1 2023-02-12
http://www.ubuntu.com/usn/USN-3151-2 2023-02-12
http://www.ubuntu.com/usn/USN-3151-3 2023-02-12
http://www.ubuntu.com/usn/USN-3151-4 2023-02-12
http://www.ubuntu.com/usn/USN-3152-1 2023-02-12
http://www.ubuntu.com/usn/USN-3152-2 2023-02-12
https://bugzilla.redhat.com/show_bug.cgi?id=1400019 2017-03-02
https://access.redhat.com/security/cve/CVE-2016-8655 2017-03-02
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Linux | Linux Kernel | >= 3.2 < 3.2.85 | - | Affected
Linux | Linux Kernel | >= 3.3 < 3.10.106 | - | Affected
Linux | Linux Kernel | >= 3.11 < 3.12.69 | - | Affected
Linux | Linux Kernel | >= 3.13 < 3.16.40 | - | Affected
Linux | Linux Kernel | >= 3.17 < 3.18.46 | - | Affected
Linux | Linux Kernel | >= 3.19 < 4.1.37 | - | Affected
Linux | Linux Kernel | >= 4.2 < 4.4.38 | - | Affected
Linux | Linux Kernel | >= 4.5 < 4.8.14 | - | Affected
Canonical | Ubuntu Linux | 12.04 | - | Affected
Canonical | Ubuntu Linux | 14.04 | esm | Affected
Canonical | Ubuntu Linux | 16.04 | esm | Affected
Canonical | Ubuntu Linux | 16.10 | - | Affected