CVE-2016-6522

Name of the Vulnerable Software and Affected Versions OpenBSD version 5.9

Description The issue is caused by an integer overflow in the uvm map isavail function, which can be triggered by a local user via a crafted mmap call. This results in a denial of service, specifically a kernel panic, when the new mapping overlaps with an existing mapping.

Recommendations For OpenBSD version 5.9, consider applying configuration changes to restrict the use of the mmap system call to minimize the risk of exploitation. As a temporary workaround, restrict access to the uvm map isavail function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.