CVE-2016-10200

HIGH Year: 2016
CVSS v3 Score
7.0
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-264
View all →

Vulnerability Description

Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.

Related Vulnerabilities

CVE-2014-3222

HIGH
CVSS:7.0(High)

In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key ...

CWE-2642014

CVE-2014-9909

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-2642014

CVE-2014-9910

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-2642014

CVE-2015-0162

HIGH
CVSS:7.0(High)

IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.

CWE-2642015

CVE-2015-3222

HIGH
CVSS:7.0(High)

syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.

CWE-2642015

CVE-2015-4685

HIGH
CVSS:7.0(High)

Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo mi...

CWE-2642015