SUSE Linux update for the Linux Kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2016-4998 CVE-2016-4997 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
SUSE Linux Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU28
Risk: Medium
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-4998
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to cause denial of service conditions on the target system.
The vulnerability exists due to memory access error. A local user can cause the target sysetm to crash by issuing a specially crafted IPT_SO_SET_REPLACE setsockopt() call.
Successful exploitation of this vulnerability may result in the crash of the target sysetm.
Update the affected packages.
SUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU27
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2016-4997
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to a memory corruption error in the IPT_SO_SET_REPLACE compat_setsockopt() function.
Successful exploitation of this vulnerability may lead to arbitrary code execution with kernel-level privileges.
Update the affected packages.
SUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2016-06/msg00060.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
