CVE-2016-4997

HIGH

Linux Kernel 4.6.3 Netfilter Privilege Escalation

Title source: metasploit

Description

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. The "in-container root" precondition means CAP_NET_ADMIN over a network namespace, which an unprivileged user obtains on kernels that allow unprivileged user namespaces; the table replacement is then parsed through the 32-bit compat path, whose entry-offset bookkeeping trusts the user-supplied offsets. The fix landed in 4.6.3 and was backported by the listed distributions, so on a distribution kernel the package changelog, not the bare version number, decides whether a host is affected.
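Added example, not the kernel's code: a userspace model of the offset sanity check that the compat translation path needs before trusting an entry. The structures are simplified stand-ins (assumption: real compat_ipt_entry and target layouts differ; the field names, sizes and the "standard" target name are illustrative), and the sample entries are constructed inline. It shows why an unchecked target_offset that points back inside the entry header wraps an unsigned size computation, and how a bounds check rejects that entry along with a target that overruns next_offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a compat rule entry header (assumption: the real
 * kernel layout differs; only target_offset/next_offset matter here). */
struct mock_entry {
    uint32_t ip_match[5];   /* placeholder for the address/interface match */
    uint16_t target_offset; /* byte offset of the target within this entry */
    uint16_t next_offset;   /* total size of this entry in bytes */
};

/* Simplified stand-in for a target header embedded at target_offset. */
struct mock_target {
    uint16_t target_size;   /* size of the target including this header */
    char name[29];
    uint8_t revision;
};

enum {
    ENTRY_OK = 0,
    ENTRY_BAD_TARGET_OFFSET = -1,
    ENTRY_BAD_TARGET_SIZE = -2,
    ENTRY_BAD_NEXT_OFFSET = -3,
};

/* Unchecked bookkeeping: room between the fixed header and the target.
 * Unsigned arithmetic means a target_offset smaller than the header size
 * wraps to a huge value instead of failing. */
size_t unchecked_sample(uint16_t target_offset)
{
    return (size_t)target_offset - sizeof(struct mock_entry);
}

/* The check a safe translator performs before dereferencing anything
 * derived from target_offset or next_offset. */
int check_entry_offsets(const unsigned char *buf, size_t buflen)
{
    const struct mock_entry *e = (const struct mock_entry *)buf;
    const struct mock_target *t;

    if (buflen < sizeof(*e) || e->next_offset > buflen)
        return ENTRY_BAD_NEXT_OFFSET;
    /* target must start after the fixed header and leave room for its header */
    if (e->target_offset < sizeof(*e))
        return ENTRY_BAD_TARGET_OFFSET;
    if ((size_t)e->target_offset + sizeof(*t) > e->next_offset)
        return ENTRY_BAD_TARGET_OFFSET;
    t = (const struct mock_target *)(buf + e->target_offset);
    /* the target's own size must cover its header and stay inside the entry */
    if (t->target_size < sizeof(*t))
        return ENTRY_BAD_TARGET_SIZE;
    if ((size_t)e->target_offset + t->target_size > e->next_offset)
        return ENTRY_BAD_TARGET_SIZE;
    return ENTRY_OK;
}

/* Builds one constructed entry in a zeroed 128-byte buffer and checks it.
 * The target is written first so the header values survive overlap. */
int check_sample(uint16_t target_offset, uint16_t next_offset, uint16_t target_size)
{
    unsigned char buf[128];
    struct mock_entry e;
    struct mock_target t;

    memset(buf, 0, sizeof buf);
    memset(&t, 0, sizeof t);
    t.target_size = target_size;
    strcpy(t.name, "standard");          /* hypothetical target name */
    if ((size_t)target_offset + sizeof t <= sizeof buf)
        memcpy(buf + target_offset, &t, sizeof t);

    memset(&e, 0, sizeof e);
    e.target_offset = target_offset;
    e.next_offset = next_offset;
    memcpy(buf, &e, sizeof e);

    return check_entry_offsets(buf, sizeof buf);
}

int main(void)
{
    printf("well-formed entry:              %d\n", check_sample(24, 56, 32));
    printf("target inside header:           %d\n", check_sample(8, 56, 32));
    printf("target past next_offset:        %d\n", check_sample(24, 64, 48));
    printf("unchecked size for offset 8:    %zu\n", unchecked_sample(8));
    return 0;
}
```

The wrapped value from unchecked_sample is the shape of the "unintended decrement" in the description: a subtraction that can never go below zero in signed intent but does so in unsigned arithmetic, after which every size and copy derived from it is wrong.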

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · local · linux_x86
https://www.exploit-db.com/exploits/40435
exploitdb · WORKING POC
by Qian Zhang · text · local · linux
https://www.exploit-db.com/exploits/40489
metasploit · WORKING POC · GOOD
by h00die, vnik, Jesse Hertz, Tim Newsham · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/netfilter_priv_esc_ipv4.rb

References (43)

... and 23 more

Scores

CVSS v3 7.8
EPSS 0.0479
EPSS Percentile 89.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (14)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
debian/debian_linux 8.0
linux/linux_kernel 2.6.17 - 3.2.80
novell/suse_linux_enterprise_desktop 12.0 (2 CPE variants)
novell/suse_linux_enterprise_live_patching 12.0
novell/suse_linux_enterprise_module_for_public_cloud 12.0
novell/suse_linux_enterprise_real_time_extension 12.0 sp1
... and 4 more
Published Jul 03, 2016
Tracked Since Feb 18, 2026