CVE-2016-6516

HIGH

Linux Kernel <4.7 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-6516. PoCs published by wpengfei.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2016-6516, a double-fetch vulnerability in the Linux kernel's FIDEDUPERANGE ioctl. The exploit leverages a race condition to manipulate the `dest_count` field during the ioctl call, potentially leading to privilege escalation or denial of service.

Description

Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.

Exploits (1)

nomisec WORKING POC 9 stars

by wpengfei · poc

https://github.com/wpengfei/CVE-2016-6516-exploit

View Code ZIP pw:eip

This repository contains functional exploit code for CVE-2016-6516, a double-fetch vulnerability in the Linux kernel's FIDEDUPERANGE ioctl. The exploit leverages a race condition to manipulate the `dest_count` field during the ioctl call, potentially leading to privilege escalation or denial of service.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Linux kernel (versions affected by CVE-2016-6516)

No auth needed

Prerequisites: Access to a vulnerable Linux kernel with the FIDEDUPERANGE ioctl exposed

MITRE ATT&CK