Bug 1349722 (CVE-2016-4997)
Summary: CVE-2016-4997 kernel: compat IPT_SO_SET_REPLACE setsockopt

| Field | Value |
|---|---|
| Product | [Other] Security Response |
| Component | vulnerability |
| Reporter | Wade Mealing <wmealing> |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | high |
| Priority | high |
| Version | unspecified |
| Keywords | Security |
| Hardware | All |
| OS | Linux |
| CC | aquini, arm-mgr, bhu, charlieb-fedora-bugzilla, dhoward, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, joelsmith, jonathan, jross, jrusnack, jwboyer, kernel-maint, kernel-mgr, kharnam, kstutsma, lgoncalv, madhu.chinakonda, matt, mchehab, mcressma, nmurray, plougher, ppandit, rt-maint, rvrbovsk, sardella, security-response-team, slawomir, williams, wmealing, zhangqian-c |
| Doc Type | If docs needed, set a value |
| Doc Text | A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. |
| Last Closed | 2019-06-08 02:55:48 UTC |
| Bug Depends On | 1318693, 1318694, 1318695, 1350769, 1351030, 1351031, 1351032, 1351033, 1351034, 1351035, 1351036, 1351037, 1364809, 1364810 |
| Bug Blocks | 1349713 |

Description
Wade Mealing
2016-06-24 05:39:32 UTC
Public via: http://seclists.org/oss-sec/2016/q2/599

Statement: This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime and will be addressed in a future update.

Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1350769]

kernel-4.6.3-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

kernel-4.4.14-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

This issue has been addressed in the following products: MRG for RHEL-6 v.2 Via RHSA-2016:1883 https://rhn.redhat.com/errata/RHSA-2016-1883.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1847 https://rhn.redhat.com/errata/RHSA-2016-1847.html

This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1875 https://rhn.redhat.com/errata/RHSA-2016-1875.html

Is the fix for RHEL6 still in the pipeline? Am I right in understanding that network namespaces need to be enabled before the vulnerability is exploitable?

*** Bug 1383265 has been marked as a duplicate of this bug. ***

The fix for EL6 is not in the pipeline, it was my misunderstanding of the code that marked it vulnerable and I have corrected that understanding in the statement. Sorry for any confusion Charlie Brady.
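
The Doc Text ties exposure beyond root to kernels built with CONFIG_USER_NS and CONFIG_NET_NS. The script below is an added example, not part of this bug report or any Red Hat tooling: it classifies a kernel build config against those two options only. The function names, the class labels and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report: check a kernel build config for the
# two options the Doc Text names (CONFIG_USER_NS and CONFIG_NET_NS).

# read_config FILE: print the config, decompressing gzip-compressed files.
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# config_enabled FILE OPTION: succeed only if OPTION is built in (=y).
# "# CONFIG_FOO is not set" lines and absent options both count as disabled.
config_enabled() {
    read_config "$1" | grep -Eq "^$2=y\$"
}

# exposure_class FILE: print which class of user the Doc Text says can reach
# the flaw on a kernel built from this config.
#   namespaces-enabled : both options set; per the Doc Text, not limited to root
#   root-only          : at least one option is missing
#   unknown            : config file not readable
exposure_class() {
    if [ ! -r "$1" ]; then
        echo unknown
    elif config_enabled "$1" CONFIG_USER_NS && config_enabled "$1" CONFIG_NET_NS; then
        echo namespaces-enabled
    else
        echo root-only
    fi
}

# Constructed sample config (assumption: not taken from any shipped kernel).
sample=$(mktemp)
printf '%s\n' 'CONFIG_NET_NS=y' '# CONFIG_USER_NS is not set' > "$sample"
echo "sample config: $(exposure_class "$sample")"
rm -f "$sample"
```

On an installed system the argument would typically be `/boot/config-$(uname -r)`. The result describes build-time reachability only and says nothing about whether the errata listed above are installed.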