Issue metadata
Sign in to add a comment
|
Security: CVE-2016-8655 Linux af_packet.c race condition (local root) |
||||||||||||||||||||||
Issue descriptionCVE-2016-8655 is a race-condition in Linux (net/packet/af_packet.c). It can be exploited to gain kernel code execution from unprivileged processes. VERSION Linux kernel through 4.8.12. REPRODUCTION CASE See http://seclists.org/oss-sec/2016/q4/607 This is exploitable from unprivileged users via user namespaces.
,
Dec 13 2016
Marking this as severity high / P1 for now, given that there's no indication of this being actively exploited. POC is available though, which arguably justifies P0... Adding M-55 label and cc-ing bhthompson@: I recommend patching this quickly. I'll see whether I can get CLs up before west coast wakes up.
,
Dec 13 2016
Turns out we already have a bug for this, marking as duplicate.
,
Mar 22 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by mnissler@chromium.org
, Dec 13 2016Components: OS>Kernel
Owner: snanda@chromium.org