The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPTSOSET_REPLACE setsockopt call.
[
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_underflow",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "220635050762505460103382084238795179534",
"length": 350.0
},
"id": "CVE-2016-3134-0a77a303",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_entry_size_and_hooks",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "124826488062252313911027527145627918941",
"length": 1280.0
},
"id": "CVE-2016-3134-27c31913",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_entry_size_and_hooks",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "124826488062252313911027527145627918941",
"length": 1280.0
},
"id": "CVE-2016-3134-27d4e297",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "mark_source_chains",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "287648439148821689950011571358319162046",
"length": 2134.0
},
"id": "CVE-2016-3134-3b1df2bd",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"114261347321829074169884671786121174640",
"296952606775279182983692294405582011944",
"204038137436550029538720584604238809240",
"131495608353348655949190268122800272645",
"41970020857171853226072212472197075520",
"307627576032349859018611197377796835550",
"118025044696397330978159399079394721065",
"256154038511734806687627776923599737817",
"19162766317431330532365961527249815432",
"298746066589502684193528962427824157947",
"322345462452188645759761863072534433289",
"207899219922888967713838586399104898382",
"89747733238188434780129440600613248017",
"199166074406245263370037417882905406661",
"287742819200242298634880734519218558432",
"285622252590700015467234325570217087142",
"233997371596855557224295572711121867386",
"267546651626244292470844066756642537840",
"306611181078536557566205526499366275192",
"322411082231936415499080980993818095393",
"158720550125568578706362153821203643358",
"77192639522872271322296495905561217834",
"320676435332668948186757303443090340649",
"230829428797782033179575768703854274851",
"38673266353188022851488894330538179937",
"93717758301731709075316059013733863930",
"207605613263443676227351522628414242469",
"216894029927347434851861109804723288589",
"108226923781715345113762350893039543518",
"314106180772561941248818563927854926874",
"60314957363198194942962852776096537295",
"152577012108326481443402423293422597469"
],
"threshold": 0.9
},
"id": "CVE-2016-3134-4f3a72de",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "unconditional",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "86307882631514298244850284473259060751",
"length": 151.0
},
"id": "CVE-2016-3134-566f2ae3",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"114261347321829074169884671786121174640",
"296952606775279182983692294405582011944",
"204038137436550029538720584604238809240",
"131495608353348655949190268122800272645",
"41970020857171853226072212472197075520",
"307627576032349859018611197377796835550",
"118025044696397330978159399079394721065",
"256154038511734806687627776923599737817",
"19162766317431330532365961527249815432",
"298746066589502684193528962427824157947",
"322345462452188645759761863072534433289",
"207899219922888967713838586399104898382",
"89747733238188434780129440600613248017",
"199166074406245263370037417882905406661",
"287742819200242298634880734519218558432",
"285622252590700015467234325570217087142",
"233997371596855557224295572711121867386",
"267546651626244292470844066756642537840",
"306611181078536557566205526499366275192",
"322411082231936415499080980993818095393",
"158720550125568578706362153821203643358",
"77192639522872271322296495905561217834",
"320676435332668948186757303443090340649",
"230829428797782033179575768703854274851",
"38673266353188022851488894330538179937",
"93717758301731709075316059013733863930",
"207605613263443676227351522628414242469",
"216894029927347434851861109804723288589",
"108226923781715345113762350893039543518",
"314106180772561941248818563927854926874",
"60314957363198194942962852776096537295",
"152577012108326481443402423293422597469"
],
"threshold": 0.9
},
"id": "CVE-2016-3134-591f3f6b",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "unconditional",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "86307882631514298244850284473259060751",
"length": 151.0
},
"id": "CVE-2016-3134-5a987c20",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"236543835703034645859712171936682295193",
"35027945281587256248189315226721953437",
"7445788448065809908361914729874415501",
"267188568158369821117229409341359535240",
"18863422910063163576218749328193127880",
"338951932029979465549392117092302728062",
"302268797977005122514625447940056174268",
"224971934689971357273404445703916593139",
"88843873044642225717645322558430756970",
"5050590496024855954932549962913917091",
"43559521536203632513585168185152538877",
"244131774989850215266455167611859193543",
"146134960643307795072386218458675008278",
"112200882851530689969952181319173866962",
"117691516695636841550683959854926888222",
"149233792271983927920681896225462951476",
"41326098819645232648670601729172676449",
"222501232407086506401674614903545686090",
"52126845336485957766320447805130372102",
"282070077594158549875454806647377500085",
"280996010143927245252667803951134279782",
"105648508271096609556515516738897374762",
"17274330858281146986131425654118279395",
"29814000623526365254394104242996757384",
"316156717075097264097684441715325521733",
"155200046121590182042973393960267397177",
"332196575409069480350544983755471951158",
"216894029927347434851861109804723288589",
"108226923781715345113762350893039543518",
"314106180772561941248818563927854926874",
"60314957363198194942962852776096537295",
"152577012108326481443402423293422597469"
],
"threshold": 0.9
},
"id": "CVE-2016-3134-5ded5e2d",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "get_chainname_rulenum",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "168023353346225248905567010773165803632",
"length": 765.0
},
"id": "CVE-2016-3134-724d0966",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_underflow",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "177423042713793517737909624024444953330",
"length": 349.0
},
"id": "CVE-2016-3134-7ccc252e",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "get_chainname_rulenum",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "75404655544814315233427696453549984070",
"length": 769.0
},
"id": "CVE-2016-3134-8cccde4d",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "unconditional",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "257869277769486674730763256126499383042",
"length": 139.0
},
"id": "CVE-2016-3134-8e35a693",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_underflow",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "121793521164719844712124515929269877394",
"length": 351.0
},
"id": "CVE-2016-3134-8ecadc25",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"216691980952196570627567366558407542690",
"3241728330408536615996634546967877303",
"228855126280950984228585997183129449450",
"51083981928613792061302821328213366156",
"336225569186424638889016590127513288834",
"275935005043045821252262474477094105465",
"196564687307346039755344899692325824205",
"219603052275321323619992624979032441876",
"253093164095125059047443730212352603183",
"144588225597757386651401029964604247512",
"40411248186236255665029125972166757779",
"249203048243946619455635167796949989651",
"27553672365359540306844473054156279904",
"280599717595153870768722983940112713628",
"320676435332668948186757303443090340649",
"316990351282522947096982343148232206042",
"326963655889729564428953383244906918756",
"189789333448250777122984899933917055252",
"90703114210464865596846980272173221677",
"216894029927347434851861109804723288589",
"108226923781715345113762350893039543518",
"314106180772561941248818563927854926874",
"60314957363198194942962852776096537295",
"152577012108326481443402423293422597469"
],
"threshold": 0.9
},
"id": "CVE-2016-3134-93364d79",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "unconditional",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "257869277769486674730763256126499383042",
"length": 139.0
},
"id": "CVE-2016-3134-a016d67c",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "mark_source_chains",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "149848962774459376840291970894653035496",
"length": 2132.0
},
"id": "CVE-2016-3134-a1c433a5",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "get_chainname_rulenum",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "75404655544814315233427696453549984070",
"length": 769.0
},
"id": "CVE-2016-3134-a3373c44",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_underflow",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "177423042713793517737909624024444953330",
"length": 349.0
},
"id": "CVE-2016-3134-a84efb5f",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_entry_size_and_hooks",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "56926209006699260557019788832618273139",
"length": 1286.0
},
"id": "CVE-2016-3134-aa7283d5",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "get_chainname_rulenum",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "168023353346225248905567010773165803632",
"length": 765.0
},
"id": "CVE-2016-3134-b7b4bbbe",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "mark_source_chains",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "133273722955334554161165698851069770293",
"length": 1953.0
},
"id": "CVE-2016-3134-b8780efd",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"236543835703034645859712171936682295193",
"35027945281587256248189315226721953437",
"7445788448065809908361914729874415501",
"267188568158369821117229409341359535240",
"18863422910063163576218749328193127880",
"338951932029979465549392117092302728062",
"302268797977005122514625447940056174268",
"224971934689971357273404445703916593139",
"88843873044642225717645322558430756970",
"5050590496024855954932549962913917091",
"43559521536203632513585168185152538877",
"244131774989850215266455167611859193543",
"146134960643307795072386218458675008278",
"112200882851530689969952181319173866962",
"117691516695636841550683959854926888222",
"149233792271983927920681896225462951476",
"41326098819645232648670601729172676449",
"222501232407086506401674614903545686090",
"52126845336485957766320447805130372102",
"282070077594158549875454806647377500085",
"280996010143927245252667803951134279782",
"105648508271096609556515516738897374762",
"17274330858281146986131425654118279395",
"29814000623526365254394104242996757384",
"316156717075097264097684441715325521733",
"155200046121590182042973393960267397177",
"332196575409069480350544983755471951158",
"216894029927347434851861109804723288589",
"108226923781715345113762350893039543518",
"314106180772561941248818563927854926874",
"60314957363198194942962852776096537295",
"152577012108326481443402423293422597469"
],
"threshold": 0.9
},
"id": "CVE-2016-3134-b8dd2b24",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_underflow",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "121793521164719844712124515929269877394",
"length": 351.0
},
"id": "CVE-2016-3134-c8ec410d",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_entry_size_and_hooks",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "56926209006699260557019788832618273139",
"length": 1286.0
},
"id": "CVE-2016-3134-ccd5cb8c",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "mark_source_chains",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "149848962774459376840291970894653035496",
"length": 2132.0
},
"id": "CVE-2016-3134-cdd8b761",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "unconditional",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "257869277769486674730763256126499383042",
"length": 139.0
},
"id": "CVE-2016-3134-d011c49d",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "unconditional",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "257869277769486674730763256126499383042",
"length": 139.0
},
"id": "CVE-2016-3134-d36fe596",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "mark_source_chains",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "133273722955334554161165698851069770293",
"length": 1953.0
},
"id": "CVE-2016-3134-db704f06",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_underflow",
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "220635050762505460103382084238795179534",
"length": 350.0
},
"id": "CVE-2016-3134-e0c9e1fc",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_entry_size_and_hooks",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "124826488062252313911027527145627918941",
"length": 1280.0
},
"id": "CVE-2016-3134-e7fa294c",
"signature_version": "v1"
},
{
"source": "https://github.com/torvalds/linux/commit/54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "mark_source_chains",
"file": "net/ipv6/netfilter/ip6_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "287648439148821689950011571358319162046",
"length": 2134.0
},
"id": "CVE-2016-3134-e81d683e",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"file": "net/ipv4/netfilter/arp_tables.c"
},
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"216691980952196570627567366558407542690",
"3241728330408536615996634546967877303",
"228855126280950984228585997183129449450",
"51083981928613792061302821328213366156",
"336225569186424638889016590127513288834",
"275935005043045821252262474477094105465",
"196564687307346039755344899692325824205",
"219603052275321323619992624979032441876",
"253093164095125059047443730212352603183",
"144588225597757386651401029964604247512",
"40411248186236255665029125972166757779",
"249203048243946619455635167796949989651",
"27553672365359540306844473054156279904",
"280599717595153870768722983940112713628",
"320676435332668948186757303443090340649",
"316990351282522947096982343148232206042",
"326963655889729564428953383244906918756",
"189789333448250777122984899933917055252",
"90703114210464865596846980272173221677",
"216894029927347434851861109804723288589",
"108226923781715345113762350893039543518",
"314106180772561941248818563927854926874",
"60314957363198194942962852776096537295",
"152577012108326481443402423293422597469"
],
"threshold": 0.9
},
"id": "CVE-2016-3134-e8beafca",
"signature_version": "v1"
},
{
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@54d83fc74aa9ec72794373cb47432c5f7fb1a309",
"target": {
"function": "check_entry_size_and_hooks",
"file": "net/ipv4/netfilter/ip_tables.c"
},
"signature_type": "Function",
"deprecated": false,
"digest": {
"function_hash": "124826488062252313911027527145627918941",
"length": 1280.0
},
"id": "CVE-2016-3134-e8e45648",
"signature_version": "v1"
}
]