CVE-2016-8636
Ubuntu Security Notice USN-3361-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.
Desbordamiento de entero en la función mem_check_range en drivers/infiniband/sw/rxe/rxe_mr.c en el kernel de Linux en versiones anteriores a 4.9.10 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria), obtener información sensible desde la memoria del kernel, o posiblemente tener otro impacto no especificado a través de una petición de escritura o lectura involucrando a la tecnología "RDMA protocol over infiniband" (también conocida como Soft RoCE).
USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10. Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-12 CVE Reserved
- 2017-02-22 CVE Published
- 2019-09-20 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96189 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/jigerjain/Integer-Overflow-test | 2019-09-20 |
URL | Date | SRC |
---|---|---|
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10 | 2023-01-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.8 < 4.9.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.9.10" | - |
Affected
|