Wind River Support Network


LIN7-6483 : Security Advisory - linux - CVE-2016-4997

Created: Jun 29, 2016    Updated: Sep 8, 2018
Resolved Date: Jul 31, 2016
Found In Version: 7.0
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Kernel


A flaw was discovered in processing setsockopt for 32 bit processes on
64 bit systems.  This flaw will allow attackers to alter arbitary kernel
memory when unloading a kernel module.  This action is usually restricted
to root-priveledged users but can also be leveraged if the kernel is
compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated priveledges.

This flaw was introduced in commit 52e804c6dfaa,

Upstream fixes

Discussion on oss-sec: 

Other Downloads


Live chat