CVE-2016-9555
kernel: Slab out-of-bounds access in sctp_sf_ootb()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.
La función sctp_sf_ootb en net/sctp/sm_statefuns.c en el kernel Linux en versiones anteriores a 4.8.8 carece de comprobación de longitud de fragmento para el primer fragmento, lo que permite a atacantes remotos provocar una denegación de servicio (acceso slab fuera de límites) o tener otro posible impacto no especificado a través de datos SCTP manipulados.
A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. The kernel-rt packages have been upgraded to version 3.10.0-514, which provides a number of security and bug fixes over the previous version. Security Fix: A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-22 CVE Reserved
- 2016-11-28 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/11/22/18 | Mailing List |
|
| http://www.securityfocus.com/bid/94479 | Third Party Advisory | |
| http://www.securitytracker.com/id/1037339 | Third Party Advisory | |
| https://bto.bluecoat.com/security-advisory/sa134 | Third Party Advisory | |
| https://groups.google.com/forum/#%21topic/syzkaller/pAUcHsUJbjk | X_refsource_confirm |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.2 < 3.2.85 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.2 < 3.2.85" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.3 < 3.10.105 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.10.105" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.68 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.68" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.40" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.49 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.49" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.4.32 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.4.32" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5.0 < 4.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5.0 < 4.8.8" | - |
Affected
| ||||||