Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-9083

Опубликовано: 12 окт. 2016
Источник: redhat
CVSS3: 5.3
CVSS2: 7.2

Описание

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."

A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise MRG 2realtime-kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2017:038702.03.2017
Red Hat Enterprise Linux 7kernelFixedRHSA-2017:038602.03.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-391
https://bugzilla.redhat.com/show_bug.cgi?id=1389258kernel: State machine confusion bug in vfio driver leading to memory corruption

5.3 Medium

CVSS3

7.2 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-9083

CVSS3: 7.8
ubuntu
больше 8 лет назад

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."

nvd логотип

CVE-2016-9083

CVSS3: 7.8
nvd
больше 8 лет назад

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."

debian логотип

CVE-2016-9083

CVSS3: 7.8
debian
больше 8 лет назад

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows ...

github логотип

GHSA-5r95-3f2r-9v8g

CVSS3: 7.8
github
около 3 лет назад

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."

oracle-oval логотип

ELSA-2017-0386

oracle-oval
больше 8 лет назад

ELSA-2017-0386: kernel security, bug fix, and enhancement update (IMPORTANT)

5.3 Medium

CVSS3

7.2 High

CVSS2