CVE-2016-10229 Detail

Modified: This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 9.8 CRITICAL
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Metrics:

NIST: NVD
Base Score: 10.0 HIGH
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Weakness Enumeration

CWE-ID: CWE-358
CWE Name: Improperly Implemented Security Check for Standard
Source: NIST

Known Affected Software Configurations


Change History

5 change records found

CVE Modified by MITRE 2/17/2020 11:15:17 AM

Added Reference: https://security.paloaltonetworks.com/CVE-2016-10229 [No Types Assigned]
Removed Reference: http://securityadvisories.paloaltonetworks.com/Home/Detail/88 [No Types Assigned]



CVE Modified by MITRE 9/19/2017 9:29:02 PM

Added Reference: http://securityadvisories.paloaltonetworks.com/Home/Detail/88 [No Types Assigned]



CVE Modified by MITRE 7/10/2017 9:33:22 PM

Added Reference: http://www.securitytracker.com/id/1038201 [No Types Assigned]



Initial Analysis 4/10/2017 9:10:37 PM

Added CPE Configuration: OR *cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:* (and previous)
Added CPE Configuration: OR *cpe:2.3:o:linux:linux_kernel:4.4.60:*:*:*:*:*:*:* (and previous)
Added CVSS V2: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added CVSS V3: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Added CWE: CWE-358

Changed Reference Type: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Old Value: No Types Assigned
New Value: Issue Tracking, Patch, Third Party Advisory

Changed Reference Type: http://source.android.com/security/bulletin/2017-04-01.html
Old Value: No Types Assigned
New Value: Patch, Third Party Advisory

Changed Reference Type: http://www.securityfocus.com/bid/97397
Old Value: No Types Assigned
New Value: Third Party Advisory, VDB Entry

Changed Reference Type: https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191
Old Value: No Types Assigned
New Value: Issue Tracking, Patch, Third Party Advisory



CVE Modified by MITRE 4/06/2017 9:59:00 PM

Added Reference: http://www.securityfocus.com/bid/97397 [No Types Assigned]



Quick Info

CVE Dictionary Entry: CVE-2016-10229
NVD Published Date: 04/04/2017
NVD Last Modified: 09/19/2017
Source: MITRE

