The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.
References
Link | Resource |
---|---|
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 | Issue Tracking Vendor Advisory Patch |
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.10 | Release Notes |
http://www.openwall.com/lists/oss-security/2016/11/11/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/11/30/3 | |
http://www.securityfocus.com/bid/94264 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1037285 | |
https://access.redhat.com/errata/RHSA-2017:1842 | |
https://access.redhat.com/errata/RHSA-2017:2077 | |
https://access.redhat.com/errata/RHSA-2017:2669 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1393904 | Issue Tracking |
https://github.com/torvalds/linux/commit/ac6e780070e30e4c35bd395acfe9191e6268bdd3 | Issue Tracking Patch Third Party Advisory |
Configurations
History
12 Feb 2023, 23:26
Type | Values Removed | Values Added |
---|---|---|
Summary | The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c. | |
References |
|
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
Summary | It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash. | |
References |
|
|
References | (CONFIRM) http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac6e780070e30e4c35bd395acfe9191e6268bdd3 - Issue Tracking, Vendor Advisory, Patch |
Information
Published : 2016-11-28 03:59
Updated : 2023-12-10 12:01
NVD link : CVE-2016-8645
Mitre link : CVE-2016-8645
CVE.ORG link : CVE-2016-8645
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-284
Improper Access Control