A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.
This issue does not affect Red Hat Enterprise Linux 5 and 6.
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
This is an announcement about CVE-2016-8655 which is a race-condition
I found in Linux (net/packet/af_packet.c). It can be exploited to gain
kernel code execution from unprivileged processes.
3 Comments
Tomi Engdahl says:
CVE-2016-8655
https://access.redhat.com/security/cve/cve-2016-8655
A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.
This issue does not affect Red Hat Enterprise Linux 5 and 6.
CVE-2016-8655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
Tomi Engdahl says:
packet: fix race condition in packet_set_ring
https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
Tomi Engdahl says:
CVE-2016-8655 Linux af_packet.c race condition (local root)
http://www.openwall.com/lists/oss-security/2016/12/06/1
This is an announcement about CVE-2016-8655 which is a race-condition
I found in Linux (net/packet/af_packet.c). It can be exploited to gain
kernel code execution from unprivileged processes.
The bug was introduced on Aug 19, 2011:
https://github.com/torvalds/linux/commit/f6fb8f100b807378fda19e83e5ac6828b638603a
Fixed on Nov 30, 2016:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c