Main Vulnerability Database Vulnerabilities #VU6394

#VU6394 Stack-based buffer overflow in Linux kernel - CVE-2016-8632

Published: April 30, 2017 / Updated: May 30, 2020

Vulnerability identifier: #VU6394

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-8632

CWE-ID: CWE-121

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to cause kernel panic or escalate privileges.

The vulnerability exists due to a boundary error during minimum bearer MTU check within the tipc_msg_build() function. A local user can set a very short MTU, trigger stack-based buffer overflow and cause kernel panic or execute arbitrary code on the target system with elevated privileges.

Successful exploitation of the vulnerability may allow an attacker to cause kernel panic or escalate privileges on the system.

Remediation

Update to version 4.8.14 or 4.4.65.

#VU6394 Stack-based buffer overflow in Linux kernel - CVE-2016-8632

Description

Remediation

External links

Please verify you're human