CVE-2016-3841

HIGH

Linux kernel <4.3.3 - Privilege Escalation/DoS

Title source: llm
STIX 2.1

Description

The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.

References (9)

Core 9
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-0855.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2584.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2574.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92227
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2695.html

Scores

CVSS v3 7.3
EPSS 0.0030
EPSS Percentile 21.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-264 CWE-416
Status published
Products (2)
google/android 6.0.1
linux/linux_kernel < 3.2.75
Published Aug 06, 2016
Tracked Since Feb 18, 2026