Important Information Regarding Linux kernel Vulnerability (CVE-2016-10229)

Publish Time: 2017-04-17 00:00:00 UTC+8

Last Updated: 2017-04-17 12:00:00 UTC+8

Severity: Critical
Status: Resolved

Abstract

CVE-2016-10229 may allow remote attackers to cause a kernel panic or memory corruption leading to privilege escalation.


Affected

  • Products
    • DSM 6.0
  • Models
    • RS2416RP+, RS2416+, RS18016xs+, DS416slim, DS416j, DS416, DS716+, DS216se, DS216play, DS216j, DS216+, DS216, RC18015xs+, DS3615xs, DS2415+, DS2015xs, DS1815+, DS1515+, DS1515, RS815RP+, RS815+, RS815, DS415play, DS415+, DS715, DS215j, DS215+, DS115j, DS115, RS3614xs+, RS3614xs, RS3614RPxs, RS2414RP+, RS2414+, RS814RP+, RS814+, RS814, DS414slim, DS414j, DS414, RS214, DS214se, DS214play, DS214+, DS214, DS114, DS2413+, RS3413xs+, RS10613xs+, DS1813+, DS1513+, DS413j, DS413, DS713+, DS213j, DS213air, DS213+, DS213, DS3612xs, RS3412xs, RS3412RPxs, RS2212RP+, RS2212+, DS1812+, DS1512+, RS812RP+, RS812+, RS812, DS412+, RS212, DS712+, DS212j, DS212+, DS212, DS112j, DS112+, DS112, DS3611xs, DS2411+, RS3411xs, RS3411RPxs, RS2211RP+, RS2211+, DS1511+, RS411, DS411slim, DS411j, DS411+II, DS411+, DS411, DS211j, DS211+, DS211, DS111


Description

udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.


Mitigation

None


Update Availability

Synology will release a DSM 6.0 update (6.0.2-8451-11) to address this issue in the next few days.
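
To confirm which units still need the update, the installed build can be compared with the fixed version named above. The shell functions below are an added example, not Synology tooling; they assume DSM records its version in /etc.defaults/VERSION as key="value" lines with productversion, buildnumber and smallfixnumber keys, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Synology tooling). Assumed: VERSION file path and key names.
FIXED_BUILD=8451      # from the advisory: DSM 6.0.2-8451-11
FIXED_SMALLFIX=11

# Print the value of one key="value" entry. $1=file $2=key
version_field() {
    sed -n "s/^$2=//p" "$1" | tr -d '"\r' | head -n 1
}

# Succeed only for a non-empty string of digits.
is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
}

# Print one of: patched | vulnerable | not-listed | unknown. $1=VERSION file
cve_2016_10229_status() {
    [ -r "$1" ] || { echo unknown; return 0; }
    product=$(version_field "$1" productversion)
    build=$(version_field "$1" buildnumber)
    smallfix=$(version_field "$1" smallfixnumber)
    smallfix=${smallfix:-0}          # assumption: a missing small-fix number means 0
    if ! is_uint "$build" || ! is_uint "$smallfix"; then
        echo unknown; return 0
    fi
    case "$product" in
        6.0|6.0.*) ;;                # DSM 6.0 is the only product the advisory lists
        '') echo unknown; return 0 ;;
        *)  echo not-listed; return 0 ;;
    esac
    if [ "$build" -gt "$FIXED_BUILD" ] ||
       { [ "$build" -eq "$FIXED_BUILD" ] && [ "$smallfix" -ge "$FIXED_SMALLFIX" ]; }; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample (values made up): one small fix behind the fixed release.
sample=$(mktemp)
printf 'productversion="6.0.2"\nbuildnumber="8451"\nsmallfixnumber="9"\n' > "$sample"
echo "constructed sample: $(cve_2016_10229_status "$sample")"
rm -f "$sample"
# On a NAS: cve_2016_10229_status /etc.defaults/VERSION
```

A result of not-listed means only that the installed product version is not the DSM 6.0 line this advisory covers.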


References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229
https://securityaffairs.co/wordpress/57998/hacking/cve-2016-10229-linux.html
https://access.redhat.com/security/cve/cve-2016-10229