CVE-2016-10200
Last modified
CVE-2016-10200 is a high-severity vulnerability rated 7/10 on the CVSS scale. Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 3.0.34, < 3.2 |
| Linux | Linux Kernel | >= 3.2.20, < 3.2.88 |
| Linux | Linux Kernel | >= 3.4.2, < 3.12.69 |
| Linux | Linux Kernel | >= 3.13, < 3.16.40 |
| Linux | Linux Kernel | >= 3.17, < 3.18.52 |
| Linux | Linux Kernel | >= 3.19, < 4.4.38 |
| Linux | Linux Kernel | >= 4.5, < 4.8.14 |
| Android | <= 7.1.1 |
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50efIssue Tracking, Patch, Third Party Advisory
- http://source.android.com/security/bulletin/2017-03-01.htmlThird Party Advisory
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14Release Notes, Vendor Advisory
- http://www.securityfocus.com/bid/101783Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037965Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037968Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2017:1842Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2077Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2437Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2444Third Party Advisory
- https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50efIssue Tracking, Patch, Third Party Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50efIssue Tracking, Patch, Third Party Advisory
- http://source.android.com/security/bulletin/2017-03-01.htmlThird Party Advisory
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14Release Notes, Vendor Advisory
- http://www.securityfocus.com/bid/101783Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037965Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1037968Third Party Advisory, VDB Entry
- https://access.redhat.com/errata/RHSA-2017:1842Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2077Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2437Third Party Advisory
- https://access.redhat.com/errata/RHSA-2017:2444Third Party Advisory
- https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50efIssue Tracking, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10200?
How severe is CVE-2016-10200?
How do I fix CVE-2016-10200?
Are you affected by CVE-2016-10200?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST