Wind River Support Network

HomeDefectsSCP7-417
Fixed

SCP7-417 : Security Advisory - linux - CVE-2016-4998

Created: Jun 29, 2016    Updated: Sep 8, 2018
Resolved Date: Aug 10, 2016
Found In Version: 7.0.0.5
Fix Version: 7.0.0.19
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Kernel

Description

An out-of-bounds heap memory access, leading to a Denial of Service or possibly heap disclosure or further impact was found in setsockopt(). The particular setsockopt() call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw.

Upstream fixes

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce683e5f9d04
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb088
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968

Discussion on oss-sec:
http://www.openwall.com/lists/oss-security/2016/06/24/5 

Other Downloads


Live chat
Online