CVE-2016-4997

Name: CVE-2016-4997
Creator: NVD / NIST
Published: 2016-07-03T21:59:16.057+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 5.68%

Last modified Jun 17, 2026

CVE-2016-4997 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.. EPSS estimates a 5.68% chance of exploitation in the next 30 days.

Description

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

5.68%

92.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	>= 2.6.17, < 3.2.80	—
Linux	Linux Kernel	>= 3.3, < 3.10.103	—
Linux	Linux Kernel	>= 3.11, < 3.12.62	—
Linux	Linux Kernel	>= 3.13, < 3.14.73	—
Linux	Linux Kernel	>= 3.15, < 3.16.37	—
Linux	Linux Kernel	>= 3.17, < 3.18.37	—
Linux	Linux Kernel	>= 3.19, < 4.1.28	—
Linux	Linux Kernel	>= 4.2, < 4.4.14	—
Linux	Linux Kernel	>= 4.5, < 4.6.3	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	15.10	—
Canonical	Ubuntu Linux	16.04	—
Novell	Suse Linux Enterprise Software Development Kit	12.0	—
Novell	Suse Linux Enterprise Desktop	12.0	—
Novell	Suse Linux Enterprise Live Patching	12.0	—
Novell	Suse Linux Enterprise Module For Public Cloud	12.0	—
Novell	Suse Linux Enterprise Real Time Extension	12.0	Sp1
Novell	Suse Linux Enterprise Server	12.0	—
Novell	Suse Linux Enterprise Workstation Extension	12.0	—
Oracle	Linux	7	—
Debian	Debian Linux	8.0	—

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13cVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1847.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1875.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1883.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3607Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/06/24/5Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/29/10Exploit, Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.htmlThird Party Advisory
http://www.securityfocus.com/bid/91451Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1036171Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-3016-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-3Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-4Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-3Third Party Advisory
http://www.ubuntu.com/usn/USN-3018-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3018-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3019-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3020-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1349722Issue Tracking, Third Party Advisory
https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIptExploit, Third Party Advisory
https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13cPatch, Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541Third Party Advisory
https://www.exploit-db.com/exploits/40435/Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/40489/Third Party Advisory, VDB Entry
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d045e5d67d1312a42b359cb2ab2a13cVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00061.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00048.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00050.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00051.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00052.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00053.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00054.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1847.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1875.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1883.htmlThird Party Advisory
http://www.debian.org/security/2016/dsa-3607Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/06/24/5Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/09/29/10Exploit, Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.htmlThird Party Advisory
http://www.securityfocus.com/bid/91451Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1036171Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-3016-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-3Third Party Advisory
http://www.ubuntu.com/usn/USN-3016-4Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3017-3Third Party Advisory
http://www.ubuntu.com/usn/USN-3018-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3018-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3019-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3020-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1349722Issue Tracking, Third Party Advisory
https://github.com/nccgroup/TriforceLinuxSyscallFuzzer/tree/master/crash_reports/report_compatIptExploit, Third Party Advisory
https://github.com/torvalds/linux/commit/ce683e5f9d045e5d67d1312a42b359cb2ab2a13cPatch, Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05347541Third Party Advisory
https://www.exploit-db.com/exploits/40435/Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/40489/Third Party Advisory, VDB Entry

Timeline

Published: Jul 3, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-4997?

How severe is CVE-2016-4997?

CVE-2016-4997 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 5.68% probability of exploitation in the next 30 days.

How do I fix CVE-2016-4997?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-4997?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST