Loading
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
Use CWE-264, Linux vendor hub and Linux Kernel product page to widen CVE-2016-4997 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2026-31669, CVE-2026-31668 and CVE-2026-31667 for nearby disclosures in the same product family.