CVE-2016-9040

Name of the Vulnerable Software and Affected Versions Joyent SmartOS OS version 20161110T013148Z

Description The issue is related to a denial of service in the Hyprlofs file system. It is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32-bit model. An attacker can cause a buffer to be allocated and never freed, leading to memory exhaustion and a full system denial of service when repeatedly exploited.

Recommendations For Joyent SmartOS OS version 20161110T013148Z, as a temporary workaround, consider restricting the use of the Ioctl system call with the command HYPRLOFSADDENTRIES to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.