CVE-2016-3135 - OpenCVE

Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Canonical	Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1
http://www.securityfocus.com/bid/84305
http://www.ubuntu.com/usn/USN-2930-1
http://www.ubuntu.com/usn/USN-2930-2
http://www.ubuntu.com/usn/USN-2930-3
http://www.ubuntu.com/usn/USN-3054-1
http://www.ubuntu.com/usn/USN-3055-1
http://www.ubuntu.com/usn/USN-3056-1
http://www.ubuntu.com/usn/USN-3057-1
https://bugzilla.redhat.com/show_bug.cgi?id=1317386
https://code.google.com/p/google-security-research/issues/detail?id=758
https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2016-04-27T17:00:00

Updated: 2021-01-06T16:15:54

Reserved: 2016-03-13T00:00:00

Link: CVE-2016-3135

JSON object: View

NVD Information

Status : Modified

Published: 2016-04-27T17:59:23.850

Modified: 2023-11-07T02:32:09.150

Link: CVE-2016-3135

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:54", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://code.google.com/p/google-security-research/issues/detail?id=758"}, {"name": "USN-2930-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2930-1"}, {"name": "USN-3054-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3054-1"}, {"name": "USN-2930-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2930-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1"}, {"name": "USN-3055-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3055-1"}, {"name": "USN-3056-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3056-1"}, {"name": "USN-2930-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2930-3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317386"}, {"name": "USN-3057-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3057-1"}, {"name": "84305", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/84305"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2016-3135", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/google-security-research/issues/detail?id=758", "refsource": "MISC", "url": "https://code.google.com/p/google-security-research/issues/detail?id=758"}, {"name": "USN-2930-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-1"}, {"name": "USN-3054-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3054-1"}, {"name": "USN-2930-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-2"}, {"name": "https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1"}, {"name": "USN-3055-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3055-1"}, {"name": "USN-3056-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3056-1"}, {"name": "USN-2930-3", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2930-3"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1317386", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317386"}, {"name": "USN-3057-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3057-1"}, {"name": "84305", "refsource": "BID", "url": "http://www.securityfocus.com/bid/84305"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-3135", "datePublished": "2016-04-27T17:00:00", "dateReserved": "2016-03-13T00:00:00", "dateUpdated": "2021-01-06T16:15:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A46BB08-BDDE-4A5A-BF6A-FC422CB19757", "versionEndExcluding": "4.4.21", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "628AFDA5-6C82-4DB8-8280-D1D7C58BBFE7", "versionEndExcluding": "4.6", "versionStartIncluding": "4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call."}, {"lang": "es", "value": "Desbordamientos de enteros en la funci\u00f3n xt_alloc_table_info en net/netfilter/x_tables.c en el kernel de Linux hasta la versi\u00f3n 4.5.2 en plataformas de 32-bit permite a usuarios locales obtener privilegios o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de una llamada IPT_SO_SET_REPLACE setsockopt."}], "evaluatorComment": "CWE-190: Integer Overflow or Wraparound", "id": "CVE-2016-3135", "lastModified": "2023-11-07T02:32:09.150", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-27T17:59:23.850", "references": [{"source": "security@opentext.com", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d157bd761585605b7882935ffb86286919f62ea1"}, {"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/84305"}, {"source": "security@opentext.com", "url": "http://www.ubuntu.com/usn/USN-2930-1"}, {"source": "security@opentext.com", "url": "http://www.ubuntu.com/usn/USN-2930-2"}, {"source": "security@opentext.com", "url": "http://www.ubuntu.com/usn/USN-2930-3"}, {"source": "security@opentext.com", "url": "http://www.ubuntu.com/usn/USN-3054-1"}, {"source": "security@opentext.com", "url": "http://www.ubuntu.com/usn/USN-3055-1"}, {"source": "security@opentext.com", "url": "http://www.ubuntu.com/usn/USN-3056-1"}, {"source": "security@opentext.com", "url": "http://www.ubuntu.com/usn/USN-3057-1"}, {"source": "security@opentext.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1317386"}, {"source": "security@opentext.com", "url": "https://code.google.com/p/google-security-research/issues/detail?id=758"}, {"source": "security@opentext.com", "url": "https://github.com/torvalds/linux/commit/d157bd761585605b7882935ffb86286919f62ea1"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}