CVE-2016-4998

Published on: 07/03/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:58 PM UTC

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:

The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.

  • CVE-2016-4998 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.1 - HIGH

| Metric | Value |
|---|---|
| Attack Vector | LOCAL |
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | NONE |
| Availability Impact | HIGH |

CVSS2 Score: 5.6 - MEDIUM

| Metric | Value |
|---|---|
| Access Vector | LOCAL |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | NONE |
| Availability Impact | COMPLETE |

CVE References

  • USN-3018-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3018-2
  • USN-3016-3: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3016-3
  • Red Hat Customer Portal. Link: web.archive.org (inactive link, not archived). Reference: REDHAT RHSA-2016:1883
  • USN-3016-1: Linux kernel vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3016-1
  • oss-security - Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access). Link: www.openwall.com. Reference: MLIST [oss-security] 20160624 Linux CVE-2016-4997 (local privilege escalation) and CVE-2016-4998 (out of bounds memory access)
  • USN-3017-3: Linux kernel (Wily HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3017-3
  • Linux Kernel Multiple Local Memory Corruption Vulnerabilities. Link: cve.report (archive). Reference: BID 91451
  • Oracle Linux Bulletin - July 2016. Tags: Third Party Advisory. Link: web.archive.org (inactive link, not archived). Reference: CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  • kernel/git/torvalds/linux.git - Linux kernel source tree. Link: git.kernel.org. Reference: CONFIRM git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
  • Oracle Linux Bulletin - October 2016. Link: www.oracle.com. Reference: CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
  • USN-3017-1: Linux kernel vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3017-1
  • USN-3017-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3017-2
  • USN-3016-4: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3016-4
  • Red Hat Customer Portal. Link: web.archive.org (inactive link, not archived). Reference: REDHAT RHSA-2016:1875
  • USN-3019-1: Linux kernel (Utopic HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3019-1
  • Debian -- Security Information -- DSA-3607-1 linux. Link: www.debian.org (deprecated link). Reference: DEBIAN DSA-3607
  • Oracle VM Server for x86 Bulletin - October 2016. Link: www.oracle.com. Reference: CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
  • Red Hat Customer Portal. Link: web.archive.org (inactive link, not archived). Reference: REDHAT RHSA-2016:1847
  • Red Hat Customer Portal. Link: web.archive.org (inactive link, not archived). Reference: REDHAT RHSA-2017:0036
  • USN-3020-1: Linux kernel (Vivid HWE) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3020-1
  • USN-3016-2: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3016-2
  • netfilter: x_tables: make sure e->next_offset covers remaining blob size · torvalds/linux@6e94e0c · GitHub. Tags: Patch, Vendor Advisory. Link: github.com. Reference: CONFIRM github.com/torvalds/linux/commit/6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91
  • [security-announce] SUSE-SU-2016:2105-1: important: Security update for. Link: lists.opensuse.org. Reference: SUSE SUSE-SU-2016:2105
  • [security-announce] openSUSE-SU-2016:2184-1: important: Security update. Link: lists.opensuse.org. Reference: SUSE openSUSE-SU-2016:2184
  • Linux Kernel setsockopt() Bugs Let Local Users Deny Service and Gain Elevated Privileges - SecurityTracker. Link: www.securitytracker.com. Reference: SECTRACK 1036171
  • 1349886 – (CVE-2016-4998) CVE-2016-4998 kernel: out of bounds reads when processing IPT_SO_SET_REPLACE setsockopt. Tags: Issue Tracking, Third Party Advisory, VDB Entry. Link: bugzilla.redhat.com. Reference: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1349886
  • USN-3018-1: Linux kernel vulnerabilities | Ubuntu. Tags: Third Party Advisory. Link: www.ubuntu.com. Reference: UBUNTU USN-3018-1

Known Affected Configurations (CPE V2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 15.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Oracle | Linux | 7 | All | All | All |

  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*