CVE-2016-7117

Advisory lineage Upstream: 0 Downstream: 33

Downstream

DEBIAN-CVE-2016-7117 RHSA-2016:2962 RHSA-2017:0031 RHSA-2017:0036 RHSA-2017:0065 RHSA-2017:0086

Modified

Published: 10 Oct 2016, 10:00

Last modified:06 Aug 2024, 01:50

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

10 HIGH

v2.0 (nvd)

EPSS Score

13.69% MEDIUM

14% probability +5.51%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

10 Oct 2016, 10:00

Published

Vulnerability first disclosed

06 Aug 2024, 01:50

Last Modified

Vulnerability information updated

Description

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

CVSS Metrics

v3.1•CRITICAL•Score: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
v2.0•HIGH•Score: 10AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 13.69%• Percentile: 94%

Techniques & Countermeasures

CWE-19•Data Processing Errors
Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

Affected Systems

canonical•ubuntu_linux
16.04
debian•debian_linux
7.0
linux•linux_kernel
≥ 2.6.33, < 3.2.80 | ≥ 3.3, < 3.4.113 | ≥ 3.5, < 3.10.102 | ≥ 3.11, < 3.12.59 | ≥ 3.13, < 3.14.67 | ≥ 3.15, < 3.16.35 | ≥ 3.17, < 3.18.37 | ≥ 3.19, < 4.1.28 | ≥ 4.2.0, < 4.4.8 | ≥ 4.5.0, < 4.5.2