CVE-2016-3135 : Integer overflow in the xt_alloc_table_info function in net/netfilter/x

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Published 2016-04-27 17:59:24

Updated 2025-04-12 10:46:41

Source OpenText

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Products affected by CVE-2016-3135

Linux » Linux Kernel
Versions from including (>=) 4.2 and before (<) 4.4.21
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 4.5 and before (<) 4.6
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 15.10
cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 14.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-3135

EPSS FAQ

0.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 38 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-3135

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-3135

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-3135

http://www.ubuntu.com/usn/USN-2930-3

USN-2930-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-2930-2

USN-2930-2: Linux kernel (Wily HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3056-1

USN-3056-1: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3055-1

USN-3055-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1317386

1317386 – (CVE-2016-3135) CVE-2016-3135 kernel: netfilter: size overflow in x_tables
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1

kernel/git/torvalds/linux.git - Linux kernel source tree
http://www.ubuntu.com/usn/USN-3057-1

USN-3057-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities | Ubuntu security notices

CVEs referencing this url
http://www.securityfocus.com/bid/84305

Linux Kernel Local Memory Corruption and Integer Overflow Vulnerabilities

CVEs referencing this url
https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1

netfilter: x_tables: check for size overflow · torvalds/linux@d157bd7 · GitHub
http://www.ubuntu.com/usn/USN-2930-1

USN-2930-1: Linux kernel vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://code.google.com/p/google-security-research/issues/detail?id=758

758 - project-zero - Monorail

CVEs referencing this url
http://www.ubuntu.com/usn/USN-3054-1

USN-3054-1: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security notices

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-3135

Products affected by CVE-2016-3135

Exploit prediction scoring system (EPSS) score for CVE-2016-3135

CVSS scores for CVE-2016-3135

CWE ids for CVE-2016-3135

References for CVE-2016-3135