UBUNTU-CVE-2016-7917
Advisory lineage Upstream: 1 Downstream: 2
Published: 16 Nov 2016, 00:00
Last modified: 22 Apr 2026, 11:00
Vulnerability Summary
- Overall Risk (default): low, 20/100
- CVSS Score: 5 MEDIUM, 3.0 (osv_ubuntu)
- EPSS Score: No data
- KEV: Not listed
- Ransomware: No reports
- Public exploits: None found
- Dark Web: Not detected
Timeline
- 16 Nov 2016, 00:00: Published (vulnerability first disclosed)
- 22 Apr 2026, 11:00: Last Modified (vulnerability information updated)
Description
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
CVSS Metrics
- v3.0 • MEDIUM • Score: 5 • CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Affected Systems
- ubuntu • linux: < 4.4.0-79.100
- ubuntu • linux-aws: < 4.4.0-1018.27
- ubuntu • linux-azure: all
- ubuntu • linux-azure-fde: all
- ubuntu • linux-gcp: all
- ubuntu • linux-gke: < 4.4.0-1014.14 | all
- ubuntu • linux-hwe: all
- ubuntu • linux-hwe-edge: all
- ubuntu • linux-intel-iot-realtime: all
- ubuntu • linux-lts-xenial: < 4.4.0-79.100~14.04.1
- ubuntu • linux-oem: all
- ubuntu • linux-raspi-realtime: all
- ubuntu • linux-raspi2: < 4.4.0-1057.64 | all
- ubuntu • linux-realtime: all
- ubuntu • linux-riscv: all | all
- ubuntu • linux-snapdragon: < 4.4.0-1059.63
References (7)
- https://ubuntu.com/security/CVE-2016-7917
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c58d6c93680f28ac58984af61d0a7ebf4319c241
- http://source.android.com/security/bulletin/2016-11-01.html
- https://github.com/torvalds/linux/commit/c58d6c93680f28ac58984af61d0a7ebf4319c241
- https://ubuntu.com/security/notices/USN-3312-1
- https://ubuntu.com/security/notices/USN-3312-2
- https://www.cve.org/CVERecord?id=CVE-2016-7917