Vulnerability Details : CVE-2016-8655
Public exploit exists!
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
Vulnerability category: Memory Corruption, Denial of service
Products affected by CVE-2016-8655
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8655
- 0.04%: Probability of exploitation activity in the next 30 days
- ~8%: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2016-8655
- AF_PACKET chocobo_root Privilege Escalation
  Disclosure Date: 2016-08-12
  First seen: 2020-04-26
  exploit/linux/local/af_packet_chocobo_root_priv_esc
  This module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version
CVSS scores for CVE-2016-8655
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2016-8655
- The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. Assigned by: nvd@nist.gov (Primary)
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8655
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html
  [security-announce] SUSE-SU-2016:3197-1: important: Security update for
  Mailing List; Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0387.html
  RHSA-2017:0387 - Security Advisory - Red Hat Customer Portal
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html
  [security-announce] SUSE-SU-2016:3247-1: important: Security update for
  Mailing List; Third Party Advisory
- http://www.ubuntu.com/usn/USN-3149-2
  USN-3149-2: Linux kernel (Trusty HWE) vulnerability | Ubuntu security notices
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-3150-1
  USN-3150-1: Linux kernel vulnerability | Ubuntu security notices
  Third Party Advisory
- http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
  Linux Kernel 4.4.0 AF_PACKET Race Condition / Privilege Escalation ≈ Packet Storm
  Third Party Advisory; VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html
  [security-announce] SUSE-SU-2016:3096-1: important: Security update for
  Mailing List; Third Party Advisory
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
  kernel/git/torvalds/linux.git - Linux kernel source tree
  Patch; Vendor Advisory
- http://www.ubuntu.com/usn/USN-3152-2
  USN-3152-2: Linux kernel (Raspberry Pi 2) vulnerability | Ubuntu security notices
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html
  [security-announce] SUSE-SU-2016:3116-1: important: Security update for
  Mailing List; Third Party Advisory
- https://www.exploit-db.com/exploits/40871/
  Linux Kernel 4.4.0 (Ubuntu 14.04/16.04 x86-64) - 'AF_PACKET' Race Condition Privilege Escalation
  Third Party Advisory; VDB Entry
- http://www.openwall.com/lists/oss-security/2016/12/06/1
  oss-security - CVE-2016-8655 Linux af_packet.c race condition (local root)
  Mailing List; Third Party Advisory
- http://www.ubuntu.com/usn/USN-3150-2
  USN-3150-2: Linux kernel (OMAP4) vulnerability | Ubuntu security notices
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-3149-1
  USN-3149-1: Linux kernel vulnerability | Ubuntu security notices
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html
  [security-announce] SUSE-SU-2016:3117-1: important: Security update for
  Mailing List; Third Party Advisory
- http://www.ubuntu.com/usn/USN-3151-3
  USN-3151-3: Linux kernel (Qualcomm Snapdragon) vulnerability | Ubuntu security notices
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-3151-1
  USN-3151-1: Linux kernel vulnerability | Ubuntu security notices
  Third Party Advisory
- https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
  packet: fix race condition in packet_set_ring · torvalds/linux@84ac726 · GitHub
  Patch; Third Party Advisory
- https://www.exploit-db.com/exploits/44696/
  Linux 4.4.0 < 4.4.0-53 - 'AF_PACKET chocobo_root' Local Privilege Escalation (Metasploit)
  Third Party Advisory; VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html
  [security-announce] SUSE-SU-2016:3183-1: important: Security update for
  Mailing List; Third Party Advisory
- http://www.securitytracker.com/id/1037403
  Linux Kernel packet_set_ring() Race Condition Lets Local Users Obtain Root Privileges - SecurityTracker
  Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/94692
  Linux Kernel CVE-2016-8655 Local Race Condition Vulnerability
  Third Party Advisory; VDB Entry
- https://source.android.com/security/bulletin/2017-03-01.html
  Android Security Bulletin—March 2017 | Android Open Source Project
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html
  [security-announce] SUSE-SU-2016:3205-1: important: Security update for
  Mailing List; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html
  [security-announce] SUSE-SU-2016:3113-1: important: Security update for
  Mailing List; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html
  [security-announce] SUSE-SU-2016:3206-1: important: Security update for
  Mailing List; Third Party Advisory
- http://www.securitytracker.com/id/1037968
  Android Multiple Flaws Let Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges and Let Remote Users Execute Arbitrary Code - SecurityTracker
  Third Party Advisory; VDB Entry
- http://rhn.redhat.com/errata/RHSA-2017-0402.html
  RHSA-2017:0402 - Security Advisory - Red Hat Customer Portal
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-3151-2
  USN-3151-2: Linux kernel (Xenial HWE) vulnerability | Ubuntu security notices
  Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html
  [security-announce] SUSE-SU-2016:3169-1: important: Security update for
  Mailing List; Third Party Advisory
- http://www.ubuntu.com/usn/USN-3152-1
  USN-3152-1: Linux kernel vulnerability | Ubuntu security notices
  Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2017-0386.html
  RHSA-2017:0386 - Security Advisory - Red Hat Customer Portal
  Third Party Advisory
- http://www.ubuntu.com/usn/USN-3151-4
  USN-3151-4: Linux kernel (Raspberry Pi 2) vulnerability | Ubuntu security notices
  Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1400019
  1400019 – (CVE-2016-8655) CVE-2016-8655 kernel: Race condition in packet_set_ring leads to use after free
  Issue Tracking; Third Party Advisory; VDB Entry