CVE-2016-8655
CVSS v3 Base Score: 7.8

Published: 08/12/2016 Updated: 12/02/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 740
CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Race condition in net/packet/af_packet.c in the Linux kernel up to and including 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

Vulnerability Trend

linux linux kernel

canonical ubuntu linux 16.10

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

Vendor Advisories

Debian Bug report logs - #770492 linux-image-3.16.0-4-686-pae: chown removes security.capability xattr on other users' files (CVE-2015-1350) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Affects: wireshark-common, iputils-ping, fping Reported by: Ben Harris <bjh21@cama ...
Synopsis Important: kernel-rt security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scori ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (C ...
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c. It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit the BUG() statement in the tcp_collapse() function after making a number of certain syscalls, leading to a possible system crash. CVE-2016-8655 kernel: Race condition in packet_set_ring ...
A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privil ...
The system could be made to crash or run programs as an administrator ...
The system could be made to run programs as an administrator ...
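The probe below is an added example, not code from this page's exploits or from the kernel tree. It walks the setsockopt path that the vulnerability summary and the Red Hat advisory describe, on a single thread: select TPACKET_V3 with PACKET_VERSION, install an RX ring with PACKET_RX_RING (which, for V3, arms the block-retire timer whose dangling function pointer is the use-after-free), then try to change PACKET_VERSION again. Without a concurrent caller the last call is refused with EBUSY because the ring is already attached. The CVE-2016-8655 window is the moment between packet_set_ring reading po->tp_version and the ring being attached: before the fix neither that read nor the EBUSY check in packet_setsockopt was under lock_sock, so a second thread's PACKET_VERSION call could pass the check and flip the version mid-setup; on close, packet_release then tore down a ring it believed was not V3 and left the timer alive. Commit 84ac7260236a (in References) takes lock_sock(sk) around both. Running the probe needs CAP_NET_RAW; without it socket() fails with EPERM and the probe reports that. The function names, enum, ring geometry and the 60 ms retire timeout are this example's own choices, not the kernel's or the exploits'.

```c
/* Added example for CVE-2016-8655: single-threaded walk through the
 * PACKET_VERSION / PACKET_RX_RING setsockopt path. Needs CAP_NET_RAW. */
#include <arpa/inet.h>
#include <errno.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum probe_result {
    PROBE_NO_CAP_NET_RAW,         /* socket(AF_PACKET) refused with EPERM */
    PROBE_SETUP_FAILED,           /* an earlier step failed; errno was printed */
    PROBE_VERSION_CHANGE_REFUSED, /* expected: EBUSY once a ring is attached */
    PROBE_VERSION_CHANGE_ALLOWED  /* not reachable without a concurrent caller */
};

/* Pure classification of the final setsockopt(PACKET_VERSION) outcome,
 * kept separate so it can be checked without CAP_NET_RAW. */
enum probe_result classify_version_change(int rc, int err)
{
    if (rc == 0)
        return PROBE_VERSION_CHANGE_ALLOWED;
    return err == EBUSY ? PROBE_VERSION_CHANGE_REFUSED : PROBE_SETUP_FAILED;
}

enum probe_result probe_ring_version_lock(void)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return errno == EPERM ? PROBE_NO_CAP_NET_RAW : PROBE_SETUP_FAILED;

    /* Step 1: pick TPACKET_V3 while no ring exists. This is allowed. */
    int version = TPACKET_V3;
    if (setsockopt(fd, SOL_PACKET, PACKET_VERSION, &version, sizeof version) < 0) {
        perror("PACKET_VERSION (TPACKET_V3)");
        close(fd);
        return PROBE_SETUP_FAILED;
    }

    /* Step 2: attach an RX ring. For V3 the kernel arms the block-retire
     * timer. Geometry is arbitrary but valid: block size = one page,
     * 2048-byte frames (16-byte aligned), frame count = blocks * frames
     * per block. */
    unsigned int page = (unsigned int)sysconf(_SC_PAGESIZE);
    struct tpacket_req3 req;
    memset(&req, 0, sizeof req);
    req.tp_block_size = page;
    req.tp_block_nr = 1;
    req.tp_frame_size = 2048;
    req.tp_frame_nr = (page / 2048) * 1;
    req.tp_retire_blk_tov = 60; /* milliseconds, example value */
    if (setsockopt(fd, SOL_PACKET, PACKET_RX_RING, &req, sizeof req) < 0) {
        perror("PACKET_RX_RING (TPACKET_V3)");
        close(fd);
        return PROBE_SETUP_FAILED;
    }

    /* Step 3: try to flip the version now that the ring is attached.
     * Expected answer on every kernel: EBUSY. The race in this CVE slips
     * the same call in before step 2 has finished attaching the ring. */
    version = TPACKET_V2;
    int rc = setsockopt(fd, SOL_PACKET, PACKET_VERSION, &version, sizeof version);
    int err = errno;
    close(fd); /* packet_release frees the ring and, for V3, deletes the timer */
    return classify_version_change(rc, err);
}

int main(void)
{
    static const char *names[] = {
        "no CAP_NET_RAW", "setup failed", "refused (EBUSY)", "allowed"
    };
    enum probe_result r = probe_ring_version_lock();
    printf("PACKET_VERSION after PACKET_RX_RING: %s\n", names[r]);
    return 0;
}
```

Build with `cc -Wall probe.c -o probe` and run it as root or under `setcap cap_net_raw+ep`; an unprivileged run prints "no CAP_NET_RAW", which is also the precondition the advisories call out (on distributions with unprivileged user namespaces, a local user can obtain that capability inside a new user and network namespace, which is why the vendor advisories rate this as a local privilege escalation rather than a root-only issue).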

Exploits

This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this expl ...
/* chocobo_root.c linux AF_PACKET race condition exploit exploit for Ubuntu 16.04 x86_64 vroom vroom *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= user@ubuntu:~$ uname -a Linux ubuntu 4.4.0-51-generic #72-Ubuntu SMP Thu Nov 24 18:29:54 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux user@ubuntu:~$ id uid=1000(user) gid=1000(user) groups=100 ...
/* chocobo_root.c linux AF_PACKET race condition exploit for CVE-2016-8655 Includes KASLR and SMEP/SMAP bypasses For Ubuntu 14.04 / 16.04 (x86_64) kernels 4.4.0 before 4.4.0-53.74 All kernel offsets have been tested on Ubuntu / Linux Mint vroom vroom *=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= user@ubuntu:~$ uname -a Linux ubu ...
## # This module requires Metasploit: metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = GoodRanking include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Post::Linux::Kernel include Ms ...

Github Repositories

LES: Linux privilege escalation auditing tool Quick download: wget raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh Details about LES usage and inner workings: mzet-.github.io/2019/05/10/les-paper.html Additional resources for the LE

CVE-2017-6074 Bug overview In the DCCP (Datagram Congestion Control Protocol) implementation, when the socket is in the listen state, dccp_rcv_state_process() frees an skb if dccp_v6_conn_request() returns successfully. However, if IPV6_RECVPKTINFO is in use, the address of the skb is

Chocobo Root (CVE-2016-8655) Analysis

chocobo Chocobo Root (CVE-2016-8655) Analysis Notes This is the newest Linux privesc, released 2016-12-06 [here seclists.org/oss-sec/2016/q4/607] References found at this point: www.theregister.co.uk/2016/12/07/android_dirty_cow_kernel_patch/ www.exploit-db.com/exploits/40871/ Goal: Create a CPI white-paper/blog with: deeper analysis of the exploit Curr

LES: Linux privilege escalation auditing tool: Quick download: git clone github.com/0dayhunter/Linux-exploit-suggester.git Purpose The LES tool is designed to assist in detecting security deficiencies for a given Linux kernel/Linux-based machine. It provides the following functionality: Assessing kernel exposure on publicly known

Next-Generation Linux Kernel Exploit Suggester

Linux Exploit Suggester 2 Next-generation exploit suggester based on Linux_Exploit_Suggester Key Improvements Include: More exploits! Option to download exploit code directly from Exploit DB Accurate wildcard matching This expands the scope of searchable exploits Output colorization for easy viewing And more to come! This script is extremely useful for quickly finding priv

Recent Articles

Don't have a Dirty COW, man: Android gets full kernel hijack patch
The Register • Shaun Nichols in San Francisco • 07 Dec 2016

Meanwhile, another nasty Linux bug surfaces

Google has posted an update for Android that, among other fixes, officially closes the Dirty COW vulnerability. The December 2016 update covers a total of 74 CVE-listed security vulnerabilities in Android devices. These fixes should be landing on Nexus handsets very soon, if not already, and installed as soon as possible; other devices should be getting the updates shortly, depending on how on-the-ball your manufacturer and cell network is – you may never, sadly, see the updates at all...

References

CWE-362
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1400019
http://www.openwall.com/lists/oss-security/2016/12/06/1
https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
http://www.securityfocus.com/bid/94692
https://www.exploit-db.com/exploits/40871/
http://www.securitytracker.com/id/1037403
http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
http://www.ubuntu.com/usn/USN-3152-2
http://www.ubuntu.com/usn/USN-3152-1
http://www.ubuntu.com/usn/USN-3151-4
http://www.ubuntu.com/usn/USN-3151-3
http://www.ubuntu.com/usn/USN-3151-2
http://www.ubuntu.com/usn/USN-3151-1
http://www.ubuntu.com/usn/USN-3150-2
http://www.ubuntu.com/usn/USN-3150-1
http://www.ubuntu.com/usn/USN-3149-2
http://www.ubuntu.com/usn/USN-3149-1
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html
https://source.android.com/security/bulletin/2017-03-01.html
http://www.securitytracker.com/id/1037968
http://rhn.redhat.com/errata/RHSA-2017-0402.html
http://rhn.redhat.com/errata/RHSA-2017-0387.html
http://rhn.redhat.com/errata/RHSA-2017-0386.html
https://www.exploit-db.com/exploits/44696/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492
https://nvd.nist.gov
https://usn.ubuntu.com/3150-1/
https://alas.aws.amazon.com/ALAS-2016-772.html