CVE-2016-10229: Linux kernel vulnerability makes all Android devices and Linux system vulnerable.

Arjun Chandran

Bronze I
Staff member
463
164
1,300
#1
the Linux kernel broke a high-risk vulnerability (CVE-2016-10229), before the system Linux kernel version 4.5, when recv to MSG_PEEK flag is called, the attacker can be triggered by UDP. An insecure secondary checksum calculation, in order to remotely execute the code, may cause the system to be controlled or cause a denial of service attack.

Affected version

  • Linux Version <4.5
  • Linux kernel 4.4.30
  • Linux kernel 4.4.29
  • Linux kernel 4.4.28
  • Linux kernel 4.4.27
  • Linux kernel 4.4.25
  • Linux kernel 4.4.24
  • + SuSE Linux 7.2
  • Linux kernel 4.4.23
  • Linux kernel 4.4.22
  • Linux kernel 4.4.7
  • Linux kernel 4.4.2
  • Linux kernel 4.2.3
  • Linux kernel 4.1.4
  • Linux kernel 4.1.1
  • Linux kernel 4.0.6
  • Linux kernel 3.19.3
  • Linux kernel 3.18.22
  • Linux kernel 3.18.17
  • Linux kernel 3.18.11
  • Linux kernel 3.18.8
  • Linux kernel 3.18.7
  • Linux kernel 3.18.3
  • Linux kernel 3.18.2
  • Linux kernel 3.18.1
  • Linux kernel 3.17.4
  • Linux kernel 3.17.2
  • Linux kernel 3.16.7
  • Linux kernel 3.16.2
  • Linux kernel 3.16.1
  • Linux kernel 3.15.10
  • Linux kernel 3.15.5
  • Linux kernel 3.15.2
  • Linux kernel 3.14.54
  • Linux kernel 3.14.45
  • Linux kernel 3.14.37
  • Linux kernel 3.14.4
  • Linux kernel 3.14.3
  • Linux kernel 3.14.2
  • Linux kernel 3.13.11
  • Linux kernel 3.13.9
  • Linux kernel 3.13.3
  • Linux kernel 3.13.1
  • Linux kernel 3.12.49
  • Linux kernel 3.12.48
  • Linux kernel 3.12.44
  • Linux kernel 3.12.40
  • Linux kernel 3.12.21
  • Linux kernel 3.12.18
  • Linux kernel 3.12.1
  • … more
  • Google Pixel XL
  • Google Pixel C
  • Google Pixel
  • Google Nexus Player
  • Google Nexus 9
  • Google Nexus 6P
  • Google Nexus 6
  • Google Nexus 5X
  • Google Android One
  • Google Android
How to fix
  • Linux official has released patches to fix the vulnerability, please affected users as soon as possible to upgrade to the latest version.
  • Professional users can modify the code to recompile the new kernel can be installed.
The Linux kernel remote code execution (CVE-2016-10229) vulnerability is mainly due to the fact that the kernel checksum on UDP staging packets are incomplete and, at competitive time, may result in remote code execution or denial of service, but the ability to remotely perform attack conditions Very harsh, very difficult to use, attack success is almost impossible to achieve!

Source: CVE-2016-10229: Linux kernel remote code execution vulnerability
 

Sponsored