CVE-2016-4557
The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or cause a denial of service (use-after-free) via crafted BPF instructions that reference an incorrect file descriptor.
Affected products
n/a · n/a
Public PoCs found — 3
cve_reference · www.exploit-db.com/exploits/40759/ · unverified
exploitdb · www.exploit-db.com/exploits/40759 · unverified
exploitdb · www.exploit-db.com/exploits/39772 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=808
https://bugs.debian.org/823603
https://bugzilla.redhat.com/show_bug.cgi?id=1334307
https://github.com/torvalds/linux/commit/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7
https://www.exploit-db.com/exploits/40759/
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5
http://www.openwall.com/lists/oss-security/2016/05/06/4