CVE-2016-6213

fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace, which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls, as demonstrated by a loop that triggers exponential growth in the number of mounts.

Severity: MEDIUM (4.7) Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Severity: MEDIUM (4.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Published: 2016-12-28
Modified: 2025-04-12

CVE-2016-9755

The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly have unspecified other impact via a crafted application that makes socket, connect, and writev system calls, related to net/ipv6/netfilter/nf_conntrack_reasm.c and net/ipv6/netfilter/nf_defrag_ipv6_hooks.c.

Severity: MEDIUM (4.6) Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Package kernel-image-un-def update in p8 on 2017-01-09

ALT-PU-2017-1013-1

Closed vulnerabilities

CVE-2016-6213

CVE-2016-9755