CVE-2016-4558

HIGH

Linux Kernel < 4.5.5 - Use-After-Free in BPF Subsystem

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-4558. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a reference counter overflow in the Linux kernel's BPF subsystem (CVE-2016-4558) by creating excessive references to BPF programs, leading to a kernel crash (DoS). It requires significant memory allocation (~32GB) and bypassing RLIMIT_MEMLOCK constraints.

Description

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted application on (1) a system with more than 32 Gb of memory, related to the program reference count or (2) a 1 Tb system, related to the map reference count.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoslinux

https://www.exploit-db.com/exploits/39773

View Code ZIP pw:eip

This exploit demonstrates a reference counter overflow in the Linux kernel's BPF subsystem (CVE-2016-4558) by creating excessive references to BPF programs, leading to a kernel crash (DoS). It requires significant memory allocation (~32GB) and bypassing RLIMIT_MEMLOCK constraints.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Complex

Reliability

Reliable

Target: Linux kernel (versions before 4.4.0-21-generic with BPF support)

No auth needed

Prerequisites: System with >32GB RAM · RLIMIT_MEMLOCK disabled or container environment with multiple UIDs · Linux kernel with BPF support

MITRE ATT&CK