CVE-2016-3134

HIGH

SUSE Linux Enterprise - Heap Memory Corruption via netfilter IPT_SO_SET_REPLACE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-3134. PoCs published by Google Security Research.

AI-analyzed exploit summary: The exploit targets a memory corruption vulnerability in the IPT_SO_SET_REPLACE setsockopt operation in the netfilter code for iptables. It allows an unprivileged user to perform an out-of-bounds write in a 64kb range from the allocated heap entry, potentially leading to privilege escalation.

Description

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Google Security Research · text · dos · linux
https://www.exploit-db.com/exploits/39545

Classification: Working PoC (90%)
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Linux Kernel (3.10, 3.18, 4.4)
No auth needed
Prerequisites: Unprivileged user namespace enabled (CONFIG_USER_NS=y) · Access to PF_INET sockets
devstral-2 · analyzed Feb 16, 2026

References (41)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1847.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1875.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3607
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036763
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2929-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2932-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3050-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-1883.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2931-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2929-2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/84305
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-1
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1317383
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-2
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3049-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2930-3

Scores

CVSS v3 8.4
EPSS 0.0124
EPSS Percentile 65.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (11)
linux/linux_kernel < 4.5.2
novell/suse_linux_enterprise_debuginfo 11.0 sp4
novell/suse_linux_enterprise_desktop 12.0 (2 CPE variants)
novell/suse_linux_enterprise_live_patching 12.0
novell/suse_linux_enterprise_module_for_public_cloud 12.0
novell/suse_linux_enterprise_real_time_extension 12.0 sp1
novell/suse_linux_enterprise_server 11.0 extra (2 CPE variants)
novell/suse_linux_enterprise_server 12.0 (2 CPE variants)
novell/suse_linux_enterprise_software_development_kit 11.0 sp4
novell/suse_linux_enterprise_software_development_kit 12.0 (2 CPE variants)
... and 1 more
Published Apr 27, 2016
Tracked Since Feb 18, 2026