Vulnerability Description
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVSS Score
5.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux Enterprise Software Development Kit | 11.0 |
| Novell | Suse Linux Enterprise Debuginfo | 11.0 |
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Live Patching | 12.0 |
| Novell | Suse Linux Enterprise Module For Public Cloud | 12.0 |
| Novell | Suse Linux Enterprise Real Time Extension | 11.0 |
| Novell | Suse Linux Enterprise Server | 11.0 |
| Novell | Suse Linux Enterprise Workstation Extension | 12.0 |
| Canonical | Ubuntu Linux | 12.04 |
| Linux | Linux Kernel | <= 4.5.1 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbd40e
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00060.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00059.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2016-2574.html
- http://rhn.redhat.com/errata/RHSA-2016-2584.html
- http://www.debian.org/security/2016/dsa-3607
- http://www.openwall.com/lists/oss-security/2016/03/15/3
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.h
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.htm
- http://www.securityfocus.com/bid/84428
FAQ
What is CVE-2016-3156?
CVE-2016-3156 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for...
How severe is CVE-2016-3156?
CVE-2016-3156 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-3156?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Debuginfo, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Live Patching, Novell Suse Linux Enterprise Module For Public Cloud.