PT-2016-7647 · Linux+5 · Linux Kernel+5

Vlad Tsyrklevich

Published

2016-11-27

Updated

2023-01-17

CVE-2016-9083

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 4.8.11

Description The issue allows local users to bypass integer overflow checks, potentially causing a denial of service (memory corruption) or having unspecified other impact. This is achieved by leveraging access to a vfio PCI device file for a VFIO DEVICE SET IRQS ioctl call, which is described as a state machine confusion bug.

Recommendations For Linux kernel versions through 4.8.11, update to a version later than 4.8.11 to resolve the issue. As a temporary workaround, consider restricting access to vfio PCI device files to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-190

Related Identifiers

ALT-PU-2017-1050

ALT-PU-2017-1330

CESA-2017_0386

CVE-2016-9083

MGASA-2017-0136

MGASA-2017-0147

MGASA-2017-0148

OPENSUSE-SU-2016_3050-1

OPENSUSE-SU-2016_3058-1

RHSA-2017:0386

RHSA-2017:0387

RHSA-2017_0386

RHSA-2017_0387

SUSE-SU-2017:0181-1

SUSE-SU-2017:0407-1

SUSE-SU-2017:0464-1

SUSE-SU-2017:0471-1

USN-3312-1

USN-3312-2

USN-3361-1

USN-3422-1

USN-3422-2

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2016-7647 · Linux+5 · Linux Kernel+5

CVE-2016-9083

Weakness Enumeration

Related Identifiers

Affected Products

References · 396