Remote code execution vulnerability in kernel networking subsystem

CVE numbers: CVE-2016-10229 [Bulletin-CVE-2016-10229]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel networking subsystem
Details: udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. [NIST-CVE-2016-10229]
Discovered by: on: Unknown
Reported on: 2017-04-01 [Bulletin-CVE-2016-10229]
Fixed on: 2015-12-30 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-10229]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-26

CVE numbers: CVE-2016-7117 [Bulletin-CVE-2016-7117]
Coordinated disclosure?: unknown
Categories: Remote code execution vulnerability in kernel networking subsystem
Details: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. [NIST-CVE-2016-7117]
Discovered by: on: Unknown
Reported on: 2016-10-01 [Bulletin-CVE-2016-7117]
Fixed on: 2016-03-14 [Upstream kernel]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: all [Bulletin-CVE-2016-7117]
Fixed versions:
Submission: by: Daniel Carter, on: 2019-07-29

AndroidVulnerabilities.org