PT-2016-7647 · Linux+5 · Linux Kernel+5

Vlad Tsyrklevich

Publicado

2016-11-27

Atualizado

2023-01-17

CVE-2016-9083

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.8.11

Description The issue allows local users to bypass integer overflow checks, potentially causing a denial of service (memory corruption) or having unspecified other impact. This is achieved by leveraging access to a vfio PCI device file for a VFIO DEVICE SET IRQS ioctl call, which is described as a state machine confusion bug.

Recommendations For Linux kernel versions through 4.8.11, update to a version later than 4.8.11 to resolve the issue. As a temporary workaround, consider restricting access to vfio PCI device files to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-190

Identificadores relacionados

ALT-PU-2017-1050

ALT-PU-2017-1330

CESA-2017_0386

CVE-2016-9083

MGASA-2017-0136

MGASA-2017-0147

MGASA-2017-0148

OPENSUSE-SU-2016_3050-1

OPENSUSE-SU-2016_3058-1

RHSA-2017:0386

RHSA-2017:0387

RHSA-2017_0386

RHSA-2017_0387

SUSE-SU-2017:0181-1

SUSE-SU-2017:0407-1

SUSE-SU-2017:0464-1

SUSE-SU-2017:0471-1

USN-3312-1

USN-3312-2

USN-3361-1

USN-3422-1

USN-3422-2

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2016-7647 · Linux+5 · Linux Kernel+5

CVE-2016-9083

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 396