CVE-2016-10229
CRITICAL
Linux Kernel < 4.5 - Remote Code Execution via UDP MSG_PEEK Checksum Calculation
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-10229. PoCs published by codecat007.
AI-analyzed exploit summary: The PoC demonstrates a use-after-free vulnerability in the Linux kernel's IPv6 UDP socket handling (CVE-2016-10229). It exploits improper reference counting in `recvmsg` with `MSG_PEEK`, leading to memory corruption. The exploit forks sender/receiver processes to trigger the race condition.
Description
udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.
Exploits (1)
References (7)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H