PT-2016-3112 · Linux+2 · Linux Kernel+2

Dan Carpenter

Published

2016-12-01

Updated

2023-01-19

CVE-2016-10150

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.8.13

Description The issue is related to a use-after-free vulnerability in the kvm ioctl create device function. This vulnerability can be exploited by host OS users to cause a denial of service, resulting in a host OS crash, or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.

Recommendations For Linux kernel versions prior to 4.8.13, update to version 4.8.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dev/kvm device to minimize the risk of exploitation.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-416

Related Identifiers

ALT-PU-2016-2437

BDU:2017-01274

CVE-2016-10150

USN-3190-1

USN-3190-2

Affected Products

Alt Linux

Linux Kernel

Ubuntu

PT-2016-3112 · Linux+2 · Linux Kernel+2

CVE-2016-10150

Weakness Enumeration

Related Identifiers

Affected Products

References · 24