漏洞信息(CVE-2016-8655)

一、漏洞 CVE-2016-8655 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

通过Linux内核4.8.12版本，net/packet/af_packet.c中的竞态条件允许本地用户通过利用CAP_NET_RAW能力更改套接字版本，以获取特权或导致拒绝服务(使用后释放)。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Linux kernel 资源管理错误漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel 4.8.12版本及之前版本存在资源管理错误漏洞。攻击者利用该漏洞获取特权，或造成拒绝服务（释放后重用）。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

资源管理错误

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2016-8655 的公开POC

#	POC 描述	源链接	神龙链接
1	PoC for CVE-2016-8655 that causes a kernel panic	https://github.com/scarvell/cve-2016-8655	POC详情
2	None	https://github.com/LakshmiDesai/CVE-2016-8655	POC详情
3	Linux af_packet.c race condition (local root)	https://github.com/KosukeShimofuji/CVE-2016-8655	POC详情
4	Chocobo Root (CVE-2016-8655) Analysis	https://github.com/agkunkle/chocobo	POC详情
5	Android attempt at PoC CVE-2016-8655	https://github.com/martinmullins/CVE-2016-8655_Android	POC详情

三、漏洞 CVE-2016-8655 的情报信息

https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c x_refsource_CONFIRM
https://source.android.com/security/bulletin/2017-03-01.html x_refsource_CONFIRM
http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1400019 x_refsource_CONFIRM
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c x_refsource_CONFIRM
http://www.securityfocus.com/bid/94692 vdb-entry x_refsource_BID
https://www.exploit-db.com/exploits/44696/ exploit x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/40871/ exploit x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1037968 vdb-entry x_refsource_SECTRACK
http://www.securitytracker.com/id/1037403 vdb-entry x_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-3151-1 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3152-1 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3152-2 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3151-2 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3149-1 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3151-4 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3150-1 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3149-2 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3150-2 vendor-advisory x_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-3151-3 vendor-advisory x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2017-0387.html vendor-advisory x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0402.html vendor-advisory x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0386.html vendor-advisory x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html vendor-advisory x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2016/12/06/1 mailing-list x_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2016-8655

一、 漏洞 CVE-2016-8655 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2016-8655 的公开POC

三、漏洞 CVE-2016-8655 的情报信息

一、漏洞 CVE-2016-8655 基础信息