High severity7.0NVD Advisory· Published Mar 7, 2017· Updated May 13, 2026
CVE-2016-10200
CVE-2016-10200
Description
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
- github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50efnvdIssue TrackingPatchThird Party Advisory
- source.android.com/security/bulletin/2017-03-01.htmlnvdThird Party Advisory
- www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14nvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/101783nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037965nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037968nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:1842nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2077nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2437nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2017:2444nvdThird Party Advisory
News mentions
0No linked articles in our index yet.