PT-2017-1722 · Openbsd · Openbsd

Jesse Hertz · Published 2017-03-07 · Updated 2017-03-09 · CVE-2016-6246

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: OpenBSD versions 5.8 through 5.9

Description: The issue allows certain local users with kern.usermount privileges to cause a denial of service, resulting in a kernel panic. This can be achieved by mounting a tmpfs with a VNOVAL in the username, groupname, or device name of the root node. The problem exists due to insufficient input validation.

Recommendations: For OpenBSD versions 5.8 and 5.9, consider restricting the kern.usermount privileges to prevent local users from mounting tmpfs with malicious settings until a patch is available. As a temporary workaround, avoid using VNOVAL in the username, groupname, or device name of the root node when mounting a tmpfs.


Weakness Enumeration

Related Identifiers

BDU:2017-00875
CVE-2016-6246

Affected Products

Openbsd