Wind River Support Network

HomeDefectsLIN8-4097
Fixed

LIN8-4097 : Security Advisory - linux - CVE-2016-4997

Created: Jun 29, 2016    Updated: Dec 3, 2018
Resolved Date: Jul 25, 2016
Found In Version: 8.0
Fix Version: 8.0.0.8
Severity: Standard
Applicable for: Wind River Linux 8
Component/s: Kernel

Description

A flaw was discovered in processing setsockopt for 32 bit processes on
64 bit systems.  This flaw will allow attackers to alter arbitary kernel
memory when unloading a kernel module.  This action is usually restricted
to root-priveledged users but can also be leveraged if the kernel is
compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated priveledges.

This flaw was introduced in commit 52e804c6dfaa,


Upstream fixes

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968

Discussion on oss-sec:
http://www.openwall.com/lists/oss-security/2016/06/24/5

Other Downloads


CVEs


Live chat
Online