CVE-2016-10229

Published: Apr 4, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.

Affected (10)

Products: Linux: Linux Kernel · Google: Android

1 product

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.11 to 3.12.53
Linux Linux Kernel	From 3.13 to 3.14.77
Linux Linux Kernel	From 3.15 to 3.16.35
Linux Linux Kernel	From 3.17 to 3.18.45
Linux Linux Kernel	From 3.19 to 4.1.40
Linux Linux Kernel	From 3.2 to 3.2.76
Linux Linux Kernel	From 3.3 to 3.4.113
Linux Linux Kernel	From 3.5 to 3.10.103
Linux Linux Kernel	From 4.2 to 4.4.21

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 7.1.1

Related CWEs

Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References (13)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191

Source: security@android.com

Issue TrackingPatchThird Party Advisory

http://source.android.com/security/bulletin/2017-04-01.html

Source: security@android.com

PatchThird Party Advisory

http://www.securityfocus.com/bid/97397

Source: security@android.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038201

Source: security@android.com

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191

Source: security@android.com

Issue TrackingPatchThird Party Advisory

https://security.paloaltonetworks.com/CVE-2016-10229

Source: security@android.com

Third Party Advisory

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

http://source.android.com/security/bulletin/2017-04-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.securityfocus.com/bid/97397

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1038201

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/197c949e7798fbf28cfadc69d9ca0c2abbf93191

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://security.netapp.com/advisory/ntap-20250103-0008/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.paloaltonetworks.com/CVE-2016-10229

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.