Welcome to ARC Forums

CVE-2016-10229: Linux kernel vulnerability makes all Android devices and Linux systems vulnerable.

Discussion in 'Tech News' started by Arjun Chandran, Apr 15, 2017.

    A high-risk vulnerability (CVE-2016-10229) has been disclosed in the Linux kernel. In Linux kernel versions before 4.5, when recv is called with the MSG_PEEK flag, an attacker can use UDP traffic to trigger an insecure second checksum calculation and remotely execute code, which may cause the system to be controlled or cause a denial of service attack.

    Affected versions

    • Linux Version <4.5
    • Linux kernel 4.4.30
    • Linux kernel 4.4.29
    • Linux kernel 4.4.28
    • Linux kernel 4.4.27
    • Linux kernel 4.4.25
    • Linux kernel 4.4.24
    • + SuSE Linux 7.2
    • Linux kernel 4.4.23
    • Linux kernel 4.4.22
    • Linux kernel 4.4.7
    • Linux kernel 4.4.2
    • Linux kernel 4.2.3
    • Linux kernel 4.1.4
    • Linux kernel 4.1.1
    • Linux kernel 4.0.6
    • Linux kernel 3.19.3
    • Linux kernel 3.18.22
    • Linux kernel 3.18.17
    • Linux kernel 3.18.11
    • Linux kernel 3.18.8
    • Linux kernel 3.18.7
    • Linux kernel 3.18.3
    • Linux kernel 3.18.2
    • Linux kernel 3.18.1
    • Linux kernel 3.17.4
    • Linux kernel 3.17.2
    • Linux kernel 3.16.7
    • Linux kernel 3.16.2
    • Linux kernel 3.16.1
    • Linux kernel 3.15.10
    • Linux kernel 3.15.5
    • Linux kernel 3.15.2
    • Linux kernel 3.14.54
    • Linux kernel 3.14.45
    • Linux kernel 3.14.37
    • Linux kernel 3.14.4
    • Linux kernel 3.14.3
    • Linux kernel 3.14.2
    • Linux kernel 3.13.11
    • Linux kernel 3.13.9
    • Linux kernel 3.13.3
    • Linux kernel 3.13.1
    • Linux kernel 3.12.49
    • Linux kernel 3.12.48
    • Linux kernel 3.12.44
    • Linux kernel 3.12.40
    • Linux kernel 3.12.21
    • Linux kernel 3.12.18
    • Linux kernel 3.12.1
    • … more
    • Google Pixel XL
    • Google Pixel C
    • Google Pixel
    • Google Nexus Player
    • Google Nexus 9
    • Google Nexus 6P
    • Google Nexus 6
    • Google Nexus 5X
    • Google Android One
    • Google Android
    How to fix
    • Official Linux patches have been released to fix the vulnerability; affected users should upgrade to the latest version as soon as possible.
    • Professional users can modify the code, recompile the kernel, and install the new kernel.
    The Linux kernel remote code execution (CVE-2016-10229) vulnerability is mainly due to the fact that the kernel's checksum on UDP staging packets is incomplete and, under a race condition, may result in remote code execution or denial of service, but the conditions for performing the attack remotely are very harsh, it is very difficult to use, and attack success is almost impossible to achieve!

    Source: CVE-2016-10229: Linux kernel remote code execution vulnerability
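
An added example, not part of the original post: a fleet-triage helper that flags kernel release strings below 4.5, the boundary the post gives, comparing versions numerically so that 4.10 is not mistaken for something older than 4.5. The hostnames and release strings are constructed, and the check compares version numbers only, so a flagged host still needs its actual patch status confirmed.

```python
import re

# Boundary taken from the post: kernels before 4.5 are listed as affected.
FIXED_IN = (4, 5)

# Matches the leading "major.minor[.patch]" of a `uname -r` style string.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_release(release):
    """Return (major, minor, patch) from a kernel release string, or None."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(release):
    """Classify one release string against the post's 'before 4.5' boundary."""
    version = parse_release(release)
    if version is None:
        return "unparsed"          # do not silently treat unknowns as safe
    if version[:2] < FIXED_IN:     # tuple comparison, so 4.10 > 4.5
        return "review"            # in the listed range; confirm patch level
    return "outside-range"


def triage(inventory):
    """Map {host: release} to {status: [hosts]}, hosts sorted for stable output."""
    result = {"review": [], "outside-range": [], "unparsed": []}
    for host, release in inventory.items():
        result[classify(release)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hostnames and release strings are made up).
SAMPLE_INVENTORY = {
    "build-01": "4.4.30",
    "phone-a": "3.18.31-g0a1b2c3",
    "web-01": "4.4.0-21-generic",
    "web-02": "4.10.0-19-generic",
    "db-01": "4.5.0",
    "iot-07": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```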
     
