Description
* A use-after-free vulnerability was found in the kernel's socket recvmmsg
subsystem. This may allow remote attackers to corrupt memory and may allow
execution of arbitrary code. This corruption takes place during the error
handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)
* An out-of-bounds heap memory access leading to a Denial of Service, heap
disclosure, or further impact was found in setsockopt(). The function call is
normally restricted to root; however, some processes with cap_sys_admin may also
be able to trigger this flaw in privileged container environments.
(CVE-2016-4998, Moderate)
* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and
other tcp_* functions. This condition could allow an attacker to send an
incorrect selective acknowledgment to existing connections, possibly resetting a
connection. (CVE-2016-6828, Moderate)
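
For the CVE-2016-4998 item above, an added example (not part of the advisory or of any vendor tooling) that lists processes holding CAP_SYS_ADMIN in their effective set by decoding the CapEff mask from /proc/<pid>/status, non-root holders first. The function names and the sample status records are constructed for illustration.

```python
import glob

CAP_SYS_ADMIN = 21  # capability bit number from <linux/capability.h>

def parse_status(text):
    """Split /proc/<pid>/status text into {field: [whitespace-separated values]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.split()
    return fields

def cap_sys_admin_holder(text):
    """Return pid/name/euid if CAP_SYS_ADMIN is in the effective set, else None."""
    f = parse_status(text)
    if "CapEff" not in f:
        return None
    cap_eff = int(f["CapEff"][0], 16)          # hex bitmask of effective caps
    if not (cap_eff >> CAP_SYS_ADMIN) & 1:
        return None
    return {"pid": int(f["Pid"][0]),
            "name": " ".join(f["Name"]),
            "euid": int(f["Uid"][1])}           # Uid: real, effective, saved, fs

def audit(status_texts):
    """Collect holders; non-root processes sort first, then by pid."""
    hits = [r for r in map(cap_sys_admin_holder, status_texts) if r]
    return sorted(hits, key=lambda r: (r["euid"] == 0, r["pid"]))

def read_live_proc():
    """Read every readable /proc/<pid>/status on the running host."""
    texts = []
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                texts.append(fh.read())
        except OSError:
            continue                            # process exited mid-scan
    return texts

# Constructed sample records (not captured from a real system).
SAMPLE = [
    "Name:\tsystemd\nPid:\t1\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n",
    "Name:\tnginx\nPid:\t812\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000400\n",
    "Name:\tbackup-agent\nPid:\t1440\nUid:\t1001\t1001\t1001\t1001\nCapEff:\t0000000000200000\n",
]

if __name__ == "__main__":
    for r in audit(SAMPLE):                     # use read_live_proc() on a host
        print(f'{r["pid"]:>6} euid={r["euid"]:<6} {r["name"]}')
```

Run inside a container, the same scan shows which of its processes retain the capability.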