vulnerability

Debian: CVE-2016-10200: linux -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Mar 7, 2017	May 1, 2017	Mar 30, 2026

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Mar 7, 2017

Added

May 1, 2017

Modified

Mar 30, 2026

Description

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.

Solution

debian-upgrade-linux

References

CVE-2016-10200
https://attackerkb.com/topics/CVE-2016-10200
CWE-362
CWE-416
DEBIAN-DLA-922-1
EUVD-EUVD-2016-1385
https://euvd.enisa.europa.eu/vulnerability/EUVD-2016-1385

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report