NVD

Id
22460  
Name
CVE-2016-9806  
Description
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-07-18  
Published
2016-12-28  
Modified Date
2017-07-17  
Seq
2016-9806  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
119174 22460 CVE-2016-9806 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520  View
119175 22460 CVE-2016-9806 [netdev] 20160515 BUG: use-after-free in netlink_dump  View
119176 22460 CVE-2016-9806 http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.3  View
119177 22460 CVE-2016-9806 [oss-security] 20161203 CVE Request: -- Linux kernel: double free in netlink_dump  View
119178 22460 CVE-2016-9806 94653  View
119179 22460 CVE-2016-9806 https://bugzilla.redhat.com/show_bug.cgi?id=1401502  View
119180 22460 CVE-2016-9806 https://github.com/torvalds/linux/commit/92964c79b357efd980812c4de5c1fd2ec8bb5520  View

Related JVN