Published: 28/12/2016 Updated: 17/01/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 726

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The sock_setsockopt function in net/core/sock.c in the Linux kernel prior to 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel

Debian Bug report logs - #770492 linux-image-3160-4-686-pae: chown removes securitycapability xattr on other users' files (CVE-2015-1350) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Affects: wireshark-common, iputils-ping, fping Reported by: Ben Harris <bjh21@cama ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...

Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring Sy ...

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...

A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key This flaw panics the machine during the verification of the RSA key (CVE-2016-8650) The blk_rq_map_user_iov function in block/blk-ma ...

Several security issues were fixed in the kernel ...

A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative This could adversely affect memory allocations and create situations where t ...

// CAP_NET_ADMIN -> root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 311 -> 48 // Tested in QEMU only // githubcom/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // # gcc -pthread exploitc -o exploit // # chown guest:guest exploit // # setcap cap_net_admin+ep /exploit ...

Linux kernel versions 311 through 48 O_SNDBUFFORCE and SO_RCVBUFFORCE local privilege escalation exploit ...

kernel-exploits CVE-2016-2384: a double-free in USB MIDI driver CVE-2016-9793: a signedness issue with SO_SNDBUFFORCE and SO_RCVBUFFORCE socket options CVE-2017-6074: a double-free in DCCP protocol CVE-2017-7308: a signedness issue in AF_PACKET sockets

Linux kernel < 4.10.15 - Race Condition Privilege Escalation

Ecploit-kernel-410-linux-local Linux kernel < 41015 - Race Condition Privilege Escalation Linux kernel < 41015 CVE-2017-1000112 This is a proof-of-concept local root exploit for the vulnerability in the UFO Linux kernel implementation CVE-2017-1000112 Some details: wwwopenwallcom/lists/oss-security/2017/08/13/1 s/timerfdc Vulnerbility Exploit Vulne

CWE-119 https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 https://bugzilla.redhat.com/show_bug.cgi?id=1402013 http://www.openwall.com/lists/oss-security/2016/12/03/1 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 http://www.securityfocus.com/bid/94655 https://source.android.com/security/bulletin/2017-03-01.html http://www.securitytracker.com/id/1037968 https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 https://access.redhat.com/errata/RHSA-2017:0933 https://access.redhat.com/errata/RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0931 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492 https://nvd.nist.gov https://github.com/amrelsadane123/Ecploit-kernel-4.10-linux-local https://www.exploit-db.com/exploits/41995/https://alas.aws.amazon.com/ALAS-2017-782.html https://usn.ubuntu.com/3168-1/

CVE-2016-9793

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect