suse · CVE-2016-9793

Quick triage

Priority: medium Published: 2021-05-30 13:48:14 UTC Updated: 2025-05-17 23:54:32 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2016-9793 severity moderate: SUSE including 178 source package names (cluster-md-kmp-default-4.4.38-93.1, cluster-network-kmp-default-4.4.38-93.1, …), 379 product×package rows across 40 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 7, … (40 product lines)): Fixed 323, Known Not Affected 56.

Description:

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.

cvelogic Threat Intelligence