CVE-2016-4998

Published on: 07/03/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVE-2016-4998

Source: Mitre
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.

  • CVE-2016-4998 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.1 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
LOCAL LOW LOW NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH NONE HIGH

CVSS2 Score: 5.6 - MEDIUM

Access
Vector		 Access
Complexity		 Authentication
LOCAL LOW NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
PARTIAL NONE COMPLETE

CVE References

Description Tags Link
USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3018-2
USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3016-3
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2016:1883
USN-3016-1: Linux kernel vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3016-1
oss-security - Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access) www.openwall.com
text/html
 URL Logo MLIST [oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)
USN-3017-3: Linux kernel (Wily HWE) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3017-3
Linux Kernel Multiple Local Memory Corruption Vulnerabilities cve.report (archive)
text/html
 URL Logo BID 91451
Oracle Linux Bulletin - July 2016 Third Party Advisory
web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
kernel/git/torvalds/linux.git - Linux kernel source tree git.kernel.org
text/html
 URL Logo CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
Oracle Linux Bulletin - October 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
USN-3017-1: Linux kernel vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3017-1
USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3017-2
USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3016-4
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2016:1875
USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3019-1
Debian -- Security Information -- DSA-3607-1 linux www.debian.org
Depreciated Link
text/html
 URL Logo DEBIAN DSA-3607
Oracle VM Server for x86 Bulletin - October 2016 www.oracle.com
text/html
 URL Logo CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2016:1847
Red Hat Customer Portal web.archive.org
text/html
Inactive LinkNot Archived
 URL Logo REDHAT RHSA-2017:0036
USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3020-1
USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3016-2
netfilter: x_tables: make sure e->next_offset covers remaining blob size · torvalds/[email protected] · GitHub Patch
Vendor Advisory
github.com
text/html
 URL Logo CONFIRM github.com/torvalds/linux/commit/6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
[security-announce] SUSE-SU-2016:2105-1: important: Security update for lists.opensuse.org
text/html
 URL Logo SUSE SUSE-SU-2016:2105
[security-announce] openSUSE-SU-2016:2184-1: important: Security update lists.opensuse.org
text/html
 URL Logo SUSE openSUSE-SU-2016:2184
Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges - SecurityTracker www.securitytracker.com
text/html
 URL Logo SECTRACK 1036171
1349886 – (CVE-2016-4998) CVE-2016-4998 kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt Issue Tracking
Third Party Advisory
VDB Entry
bugzilla.redhat.com
text/html
 URL Logo CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1349886
USN-3018-1: Linux kernel vulnerabilities | Ubuntu Third Party Advisory
www.ubuntu.com
text/html
 URL Logo UBUNTU USN-3018-1
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System		CanonicalUbuntu Linux12.04AllAllAll
Operating
System		CanonicalUbuntu Linux14.04AllAllAll
Operating
System		CanonicalUbuntu Linux15.10AllAllAll
Operating
System		CanonicalUbuntu Linux16.04AllAllAll
Operating
System		CanonicalUbuntu Linux12.04AllAllAll
Operating
System		CanonicalUbuntu Linux14.04AllAllAll
Operating
System		CanonicalUbuntu Linux15.10AllAllAll
Operating
System		CanonicalUbuntu Linux16.04AllAllAll
Operating
System		LinuxLinux KernelAllAllAllAll
Operating
System		OracleLinux7AllAllAll
Operating
System		OracleLinux7AllAllAll
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*:
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*:
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*: