vulnerability
SUSE: CVE-2016-10200: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:N/C:C/I:C/A:C) | Mar 7, 2017 | Apr 5, 2017 | Feb 4, 2022 |
Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
Mar 7, 2017
Added
Apr 5, 2017
Modified
Feb 4, 2022
Description
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
Solution(s)
suse-upgrade-cluster-md-kmp-defaultsuse-upgrade-cluster-network-kmp-defaultsuse-upgrade-dlm-kmp-defaultsuse-upgrade-gfs2-kmp-defaultsuse-upgrade-kernel-defaultsuse-upgrade-kernel-docssuse-upgrade-kernel-ec2suse-upgrade-kernel-ec2-develsuse-upgrade-kernel-ec2-extrasuse-upgrade-kernel-obs-buildsuse-upgrade-ocfs2-kmp-default
References
- SUSE-SUSE-SU-2017:1183-1
- SUSE-SUSE-SU-2017:1247-1
- SUSE-SUSE-SU-2017:1301-1
- SUSE-SUSE-SU-2017:1360-1
- SUSE-SUSE-SU-2017:1990-1
- SUSE-SUSE-SU-2017:2342-1
- SUSE-SUSE-SU-2017:2525-1
- BID-101783
- SECTRACK-1037965
- SECTRACK-1037968
- REDHAT-RHSA-2017:1842
- REDHAT-RHSA-2017:2077
- REDHAT-RHSA-2017:2437
- REDHAT-RHSA-2017:2444
- NVD-CVE-2016-10200
- DEBIAN-DLA-922-1
- UBUNTU-USN-3422-1
- UBUNTU-USN-3422-2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.