Wind River Support Network


SCP6-804 : Security Advisory - linux - CVE-2016-4997

Created: Jun 29, 2016    Updated: Dec 3, 2018
Resolved Date: Aug 10, 2016
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel


A flaw was discovered in processing setsockopt for 32 bit processes on
64 bit systems.  This flaw will allow attackers to alter arbitary kernel
memory when unloading a kernel module.  This action is usually restricted
to root-priveledged users but can also be leveraged if the kernel is
compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated priveledges.

This flaw was introduced in commit 52e804c6dfaa,

Upstream fixes

Discussion on oss-sec:

Other Downloads

Live chat