CVE-2016-10200

HIGH

Linux Kernel < 4.8.14 - Use-After-Free via L2TPv3 IP Encapsulation Race Condition

Title source: llm
STIX 2.1

Description

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.

References (11)

Core 11
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50ef
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037965
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2437
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037968
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2444
Third Party Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2017-03-01.html
Release Notes, Vendor Advisory x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101783
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2077
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:1842

Scores

CVSS v3 7.0
EPSS 0.0029
EPSS Percentile 21.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264 CWE-362 CWE-416
Status published
Products (2)
google/android < 7.1.1
linux/linux_kernel 3.0.34 - 3.2
Published Mar 07, 2017
Tracked Since Feb 18, 2026