The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | 2.6.17 (including) | 3.2.80 (excluding) |
Linux_kernel | Linux | 3.3 (including) | 3.10.103 (excluding) |
Linux_kernel | Linux | 3.11 (including) | 3.12.62 (excluding) |
Linux_kernel | Linux | 3.13 (including) | 3.14.73 (excluding) |
Linux_kernel | Linux | 3.15 (including) | 3.16.37 (excluding) |
Linux_kernel | Linux | 3.17 (including) | 3.18.37 (excluding) |
Linux_kernel | Linux | 3.19 (including) | 4.1.28 (excluding) |
Linux_kernel | Linux | 4.2 (including) | 4.4.14 (excluding) |
Linux_kernel | Linux | 4.5 (including) | 4.6.3 (excluding) |