Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2016-6828

Published: 16/10/2016 Updated: 12/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 495
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux

Vulnerability Summary

The tcp_check_send_head function in include/net/tcp.h in the Linux kernel prior to 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Debian Security Advisories: DSA-3659-1 linux -- security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts CVE-2016-5696 Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V Krishnamurthy of the University of California, Riverside; and Lisa M Marvel of the United States Army Research L ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring S ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 25Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Amazon Linux AMI: ALAS-2016-740
A use after free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-ti-omap4 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-lts-xenial vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-raspi2 vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the kernel ...
Ubuntu Security Notice: linux-snapdragon vulnerabilities
Several security issues were fixed in the kernel ...
Red Hat: CVE-2016-6828
A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection ...

Exploits

Exploit DB: Linux Kernel - TCP Related Read Use-After-Free
// Source: marcograssgithubio/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uafhtml // to build clang derp4c -o derp4 -static #include <unistdh> #include <sys/syscallh> #include <stringh> #include <stdinth> #include <pthreadh> #include <stdioh> #ifndef SYS_mmap #define SYS_mmap 9 # ...
Exploit DB: Linux Kernel TCP Related Read Use-After-Free
The tcp_check_send_head function in include/net/tcph in the Linux kernel before 475 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option ...

References

CWE-416http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4http://www.openwall.com/lists/oss-security/2016/08/15/1https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5https://bugzilla.redhat.com/show_bug.cgi?id=1367091http://www.securityfocus.com/bid/92452https://source.android.com/security/bulletin/2016-11-01.htmlhttps://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0113.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0091.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0086.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0036.htmlhttps://www.debian.org/security/./dsa-3659https://nvd.nist.govhttps://www.exploit-db.com/exploits/40731/https://usn.ubuntu.com/3099-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook