CVE-2016-9793
HIGHLinux Kernel < 3.12.69 - Memory Corruption
Title source: ruleDescription
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
Exploits (3)
github
WORKING POC
8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/kernel/EXP-CVE-2016-9793
gitlab
by os-exploit · poc
https://gitlab.com/penetration-test-learn/10vuln/os-exploit/bcoles-kernel-exploits
References (12)
Scores
CVSS v3
7.8
EPSS
0.0276
EPSS Percentile
86.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
Status
published
Products (1)
linux/linux_kernel
3.5 - 3.12.69
Published
Dec 28, 2016
Tracked Since
Feb 18, 2026