PatchSiren cyber security CVE debrief
CVE-2016-10147 Linux CVE debrief
CVE-2016-10147 is a local denial-of-service issue in the Linux kernel’s crypto/mcryptd.c path. According to the CVE record, a local user can trigger a NULL pointer dereference and crash the system by using an AF_ALG socket with an incompatible algorithm, with mcryptd(md5) given as an example. The NVD record maps affected Linux kernel versions to those before 4.8.15 and assigns a medium severity score (CVSS 3.0 5.5), reflecting high availability impact but no direct confidentiality or integrity impact.
- Vendor
- Linux
- Product
- CVE-2016-10147
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-01-18
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-01-18
- Advisory updated
- 2026-05-13
Who should care
Kernel and distro maintainers, platform teams running Linux systems that expose AF_ALG crypto interfaces, and operators of hosts where untrusted local code, containers, or multi-tenant workloads may run.
Technical summary
The vulnerability is described as a NULL pointer dereference in crypto/mcryptd.c when AF_ALG is used with an incompatible algorithm selection. The NVD weakness mapping is CWE-476 (NULL Pointer Dereference). Impact is limited to availability: a local attacker can cause a kernel crash or denial of service. The supplied record indicates the issue is fixed in Linux 4.8.15 and references a kernel commit and release changelog as remediation evidence.
Defensive priority
Medium. This is not a remote code execution issue, but it is a reliable local crash condition affecting kernel availability. Prioritize on systems that allow untrusted local execution, shared hosting, container hosts, and any fleet still running kernel versions earlier than 4.8.15.
Recommended defensive actions
- Upgrade affected Linux kernels to 4.8.15 or a vendor backport that includes the fix.
- Verify distro errata or kernel changelogs that reference the fix before scheduling remediation.
- Review whether untrusted local users, containers, or sandboxed workloads have access to AF_ALG-related interfaces on exposed systems.
- Treat repeated kernel crashes or NULL pointer dereference reports in crypto/mcryptd.c as a signal to confirm patch status immediately.
- If upgrades must be delayed, reduce exposure by restricting who can execute local workloads on impacted hosts.
Evidence notes
This debrief is based only on the supplied CVE/NVD corpus and the referenced official or vendor-linked sources listed in the record. The CVE description states the crash condition and example algorithm misuse; the NVD metadata supplies the affected version boundary (before 4.8.15), CVSS vector, and CWE-476 mapping. No additional exploit details or unverified technical claims are included.
Official resources
-
CVE-2016-10147 CVE record
CVE.org
-
CVE-2016-10147 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Issue Tracking, Patch, Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Third Party Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Mailing List, Third Party Advisory
- Source reference
- Source reference
- Source reference
The CVE record was published on 2017-01-18 and the supplied NVD record was last modified on 2026-05-13. The record indicates the issue was already addressed in Linux 4.8.15 and linked vendor/patch references.