QwikSec

Security Database

CVE

CWE

Training

CVE-2016-9755

Published: Dec 28, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://github.com/torvalds/linux/commit/9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa

x_refsource_CONFIRM

[oss-security] 20161201 CVE Request: Linux: net: out-of-bounds due do a signedness issue when defragging ipv6

mailing-list

x_refsource_MLIST

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa

x_refsource_CONFIRM

https://groups.google.com/forum/#%21topic/syzkaller/GFbGpX7nTEo

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1400904

x_refsource_CONFIRM

[netdev] 20161130 [PATCH 10/11] netfilter: ipv6: nf_defrag: drop mangled skb on ream error

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.