製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux Kernel の net/packet/af_packet.c における権限を取得される脆弱性

Title	Linux Kernel の net/packet/af_packet.c における権限を取得される脆弱性
Summary	Linux Kernel の net/packet/af_packet.c には、packet_set_ring および packet_setsockopt 関数に関する処理に不備があるため、競合状態により、権限を取得される、またはサービス運用妨害 (解放済みメモリの使用 (Use-after-free)) 状態にされる脆弱性が存在します。
Possible impacts	ローカルユーザにより、ソケットのバージョンを変更するために CAP_NET_RAW ケーパビリティを利用されることで、権限を取得される、またはサービス運用妨害 (解放済みメモリの使用 (Use-after-free)) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 1, 2016, midnight
Registration Date	Dec. 9, 2016, 11:04 a.m.
Last Update	Dec. 9, 2016, 11:04 a.m.

CVSS3.0 : 重要
Score	7.8
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2.0 : 危険
Score	7.2
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected System

Linux

Linux Kernel 4.8.12 まで

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2016-8655	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655
National Vulnerability Database (NVD)
2	CVE-2016-8655	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8655

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-362	https://jvndb.jvn.jp/ja/cwe/CWE-362.html
2	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
GitHub
1	packet: fix race condition in packet_set_ring	https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
Linux Kernel
2	Linux Kernel Archives	http://www.kernel.org
Linux kernel source tree
3	packet: fix race condition in packet_set_ring	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
Red Hat Bugzilla
4	Bug 1400019	https://bugzilla.redhat.com/show_bug.cgi?id=1400019

Change Log

No	Changed Details	Date of change
0	[2016年12月09日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2016-8655

Summary	Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
Publication Date	Dec. 8, 2016, 5:59 p.m.
Registration Date	Jan. 26, 2021, 2:18 p.m.
Last Update	Nov. 21, 2024, 11:59 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	3.2			3.2.85
cpe:2.3:o:linux:linux_kernel::::::::	3.13			3.16.40
cpe:2.3:o:linux:linux_kernel::::::::	3.17			3.18.46
cpe:2.3:o:linux:linux_kernel::::::::	3.19			4.1.37
cpe:2.3:o:linux:linux_kernel::::::::	4.5			4.8.14
cpe:2.3:o:linux:linux_kernel::::::::	3.3			3.10.106
cpe:2.3:o:linux:linux_kernel::::::::	3.11			3.12.69
cpe:2.3:o:linux:linux_kernel::::::::	4.2			4.4.38

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:16.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::

Related information, measures and tools

No	URL	タグ
1	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c	Patch Vendor Advisory
2	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c	Patch Vendor Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html	Mailing List Third Party Advisory
13	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html	Mailing List Third Party Advisory
14	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html	Mailing List Third Party Advisory
15	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html	Mailing List Third Party Advisory
16	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html	Mailing List Third Party Advisory
17	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html	Mailing List Third Party Advisory
18	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html	Mailing List Third Party Advisory
19	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html	Mailing List Third Party Advisory
20	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html	Mailing List Third Party Advisory
21	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html	Mailing List Third Party Advisory
22	http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html	Mailing List Third Party Advisory
23	http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html	Third Party Advisory VDB Entry
24	http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html	Third Party Advisory VDB Entry
25	http://rhn.redhat.com/errata/RHSA-2017-0386.html	Third Party Advisory
26	http://rhn.redhat.com/errata/RHSA-2017-0386.html	Third Party Advisory
27	http://rhn.redhat.com/errata/RHSA-2017-0387.html	Third Party Advisory
28	http://rhn.redhat.com/errata/RHSA-2017-0387.html	Third Party Advisory
29	http://rhn.redhat.com/errata/RHSA-2017-0402.html	Third Party Advisory
30	http://rhn.redhat.com/errata/RHSA-2017-0402.html	Third Party Advisory
31	http://www.openwall.com/lists/oss-security/2016/12/06/1	Mailing List Third Party Advisory
32	http://www.openwall.com/lists/oss-security/2016/12/06/1	Mailing List Third Party Advisory
33	http://www.securityfocus.com/bid/94692	Third Party Advisory VDB Entry
34	http://www.securityfocus.com/bid/94692	Third Party Advisory VDB Entry
35	http://www.securitytracker.com/id/1037403	Third Party Advisory VDB Entry
36	http://www.securitytracker.com/id/1037403	Third Party Advisory VDB Entry
37	http://www.securitytracker.com/id/1037968	Third Party Advisory VDB Entry
38	http://www.securitytracker.com/id/1037968	Third Party Advisory VDB Entry
39	http://www.ubuntu.com/usn/USN-3149-1	Third Party Advisory
40	http://www.ubuntu.com/usn/USN-3149-1	Third Party Advisory
41	http://www.ubuntu.com/usn/USN-3149-2	Third Party Advisory
42	http://www.ubuntu.com/usn/USN-3149-2	Third Party Advisory
43	http://www.ubuntu.com/usn/USN-3150-1	Third Party Advisory
44	http://www.ubuntu.com/usn/USN-3150-1	Third Party Advisory
45	http://www.ubuntu.com/usn/USN-3150-2	Third Party Advisory
46	http://www.ubuntu.com/usn/USN-3150-2	Third Party Advisory
47	http://www.ubuntu.com/usn/USN-3151-1	Third Party Advisory
48	http://www.ubuntu.com/usn/USN-3151-1	Third Party Advisory
49	http://www.ubuntu.com/usn/USN-3151-2	Third Party Advisory
50	http://www.ubuntu.com/usn/USN-3151-2	Third Party Advisory
51	http://www.ubuntu.com/usn/USN-3151-3	Third Party Advisory
52	http://www.ubuntu.com/usn/USN-3151-3	Third Party Advisory
53	http://www.ubuntu.com/usn/USN-3151-4	Third Party Advisory
54	http://www.ubuntu.com/usn/USN-3151-4	Third Party Advisory
55	http://www.ubuntu.com/usn/USN-3152-1	Third Party Advisory
56	http://www.ubuntu.com/usn/USN-3152-1	Third Party Advisory
57	http://www.ubuntu.com/usn/USN-3152-2	Third Party Advisory
58	http://www.ubuntu.com/usn/USN-3152-2	Third Party Advisory
59	https://bugzilla.redhat.com/show_bug.cgi?id=1400019	Issue Tracking Third Party Advisory VDB Entry
60	https://bugzilla.redhat.com/show_bug.cgi?id=1400019	Issue Tracking Third Party Advisory VDB Entry
61	https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c	Patch Third Party Advisory
62	https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c	Patch Third Party Advisory
63	https://source.android.com/security/bulletin/2017-03-01.html	Third Party Advisory
64	https://source.android.com/security/bulletin/2017-03-01.html	Third Party Advisory
65	https://www.exploit-db.com/exploits/40871/	Third Party Advisory VDB Entry
66	https://www.exploit-db.com/exploits/40871/	Third Party Advisory VDB Entry
67	https://www.exploit-db.com/exploits/44696/	Third Party Advisory VDB Entry
68	https://www.exploit-db.com/exploits/44696/	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-362	競合状態	https://cwe.mitre.org/data/definitions/362.html
2	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html