Elevation of privilege vulnerability in kernel networking subsystem

CVE numbers: CVE-2014-9914 [Bulletin-CVE-2014-9914]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. [NIST-CVE-2014-9914]
Discovered by: on: Unknown
Reported on: 2017-02-01 [Bulletin-CVE-2014-9914]
Fixed on: 2014-06-10 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2014-9914]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE numbers: CVE-2013-7446 [Bulletin-CVE-2013-7446]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls. [NIST-CVE-2013-7446]
Discovered by: on: Unknown
Reported on: 2016-09-01 [Bulletin-CVE-2013-7446]
Fixed on: 2015-11-20 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2013-7446]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE numbers: CVE-2016-9806 [Bulletin-CVE-2016-9806]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. [NIST-CVE-2016-9806]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-9806]
Fixed on: 2016-05-16 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-9806]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE numbers: CVE-2016-6828 [Bulletin-CVE-2016-6828]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option. [NIST-CVE-2016-6828]
Discovered by: on: Unknown
Reported on: 2016-11-01 [Bulletin-CVE-2016-6828]
Fixed on: 2016-08-17 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-6828]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

CVE numbers: CVE-2016-10200 [Bulletin-CVE-2016-10200]
Coordinated disclosure?: unknown
Categories: Elevation of privilege vulnerability in kernel networking subsystem
Details: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. [NIST-CVE-2016-10200]
Discovered by: on: Unknown
Reported on: 2017-03-01 [Bulletin-CVE-2016-10200]
Fixed on: 2016-11-18 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10200]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

AndroidVulnerabilities.org