CVE-2016-9039

Name of the Vulnerable Software and Affected Versions Joyent SmartOS version 20161110T013148Z

Description A denial of service issue exists due to a memory exhaustion vulnerability in the Hyprlofs file system. The issue is present in the Ioctl system call with the command HYPRLOFS ADD ENTRIES, allowing an attacker to cause a buffer to be allocated and never freed. Repeated exploitation can lead to full system denial of service.

Recommendations For Joyent SmartOS version 20161110T013148Z, as a temporary workaround, consider restricting the use of the HYPRLOFS ADD ENTRIES command in the Ioctl system call to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.