PT-2017-1725 · Openbsd · Openbsd
Jesse Hertz · Published 2017-03-07 · Updated 2017-03-09 · CVE-2016-6243
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
OpenBSD versions 5.8 through 5.9
Description
The issue is related to insufficient input validation in the thrsleep function in kern/kern_synch.c. This allows a local user to cause a denial of service, specifically a kernel panic, by providing a crafted value in the tsp parameter of the thrsleep system call.
Recommendations
For OpenBSD versions 5.8 and 5.9, consider restricting access to the thrsleep system call until a patch is available.
As a temporary workaround, avoid using the tsp parameter in the thrsleep system call to minimize the risk of exploitation.
Affected Products
Openbsd