CVE-2016-3135

Published: 27/04/2016 Updated: 08/09/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 726
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel up to and including 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Affected Products

Vendor | Product | Versions
Canonical | Ubuntu Linux | 14.04, 15.10, 16.04
Linux | Linux Kernel | 4.5.2

Vendor Advisories

An integer overflow vulnerability was found in the Linux kernel in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption ...
Several security issues were fixed in the kernel ...
An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption (CVE-2016-3135). In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a user-supplied ipt_entry structure to have a large next_offset field ...

Exploits

Source: code.google.com/p/google-security-research/issues/detail?id=758

A memory corruption vulnerability exists in the IPT_SO_SET_REPLACE ioctl in the netfilter code for iptables support. This ioctl can be triggered by an unprivileged user on PF_INET sockets when unprivileged user namespaces are available (CONFIG_USER_NS=y). Android do ...

Github Repositories

Bubblewrap: Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers. These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host. User namespaces: There is an effo

CVE-Study

CVE id | CVSS | Type
CVE-2017-12762 | 10.0 | BOF
CVE-2017-0561 | 10.0 | -
CVE-2017-11176 | 10.0 | UAF
CVE-2017-8890 | 10.0 |
CVE-2017-7895 | 10.0 |
CVE-2017-3106 | 9.3 |
CVE-2017-3064 | 9.3 |
CVE-2017-0430 | 9.3 |
CVE-2017-0429 | 9.3 |
CVE-2017-0428 | 9.3 |
CVE-2017-0427 | 9.3 |
CVE-2017-0528 | 9.3 |
CVE-2017-0510 | 9.3 |
CVE-2017-0508 | 9.3 |
CVE-2017-0507 | 9.3 |
CVE-2017-0455 | 9.3 |