{
  "threat_severity" : "Important",
  "public_date" : "2016-06-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: compat IPT_SO_SET_REPLACE setsockopt",
    "id" : "1349722",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1349722"
  },
  "cvss" : {
    "cvss_base_score" : "7.2",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.3",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-20",
  "details" : [ "The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.", "A flaw was discovered in processing setsockopt for 32-bit processes on 64-bit systems. This flaw allows attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges." ],
  "statement" : "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime and will be addressed in a future update.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-09-15T00:00:00Z",
    "advisory" : "RHSA-2016:1875",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-327.36.1.rt56.237.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-09-15T00:00:00Z",
    "advisory" : "RHSA-2016:1847",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-327.36.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2016-09-14T00:00:00Z",
    "advisory" : "RHSA-2016:1883",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-327.rt56.197.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-4997\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4997" ],
  "name" : "CVE-2016-4997",
  "csaw" : false
}