Wind River Support Network

HomeDefectsSCP6-805
Fixed

SCP6-805 : Security Advisory - linux - CVE-2016-4998

Created: Jun 29, 2016    Updated: Dec 3, 2018
Resolved Date: Aug 10, 2016
Found In Version: 6.0.0.11
Fix Version: 6.0.0.31
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Kernel

Description

An out-of-bounds heap memory access, leading to a Denial of Service or possibly heap disclosure or further impact was found in setsockopt(). The particular setsockopt() call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw.

Upstream fixes

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968

Discussion on oss-sec:
http://www.openwall.com/lists/oss-security/2016/06/24/5

Other Downloads


Live chat
Online