CVE-2016-6828
The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.
Affected products
n/a · n/a
Public PoCs found — 1
exploitdb · www.exploit-db.com/exploits/40731 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bb1fceca22492109be12640d49f5ea5a544c6bb4
http://rhn.redhat.com/errata/RHSA-2017-0036.html
http://rhn.redhat.com/errata/RHSA-2017-0086.html
http://rhn.redhat.com/errata/RHSA-2017-0091.html
http://rhn.redhat.com/errata/RHSA-2017-0113.html
https://bugzilla.redhat.com/show_bug.cgi?id=1367091
https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4
https://marcograss.github.io/security/linux/2016/08/18/cve-2016-6828-linux-kernel-tcp-uaf.html
https://source.android.com/security/bulletin/2016-11-01.html
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5
http://www.openwall.com/lists/oss-security/2016/08/15/1
http://www.securityfocus.com/bid/92452