CVE-2016-8630
kernel: kvm: x86: NULL pointer dereference during instruction decode
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.
La función x86_decode_insn en arch/x86/kvm/emulate.c en el kernel Linux en versiones anteriores a 4.8.7, cuando KVM está habilitado, permite a usuarios locales provocar una denegación de servicio (caída de SO anfitrión ) a través de cierto uso del byte ModR/M en una instrucción no definida.
Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-12 CVE Reserved
- 2016-11-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
- CWE-476: NULL Pointer Dereference
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7 | Release Notes | |
http://www.openwall.com/lists/oss-security/2016/11/22/3 | Mailing List | |
http://www.securityfocus.com/bid/94459 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2017-0386.html | 2023-02-12 | |
http://rhn.redhat.com/errata/RHSA-2017-0387.html | 2023-02-12 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1393350 | 2017-03-02 | |
https://access.redhat.com/security/cve/CVE-2016-8630 | 2017-03-02 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 4.8.6 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.8.6" | - |
Affected
|