// For flags

CVE-2016-9031

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733.

Existe un desbordamiento de entero explotable en el sistema de archivo Joyent SmartOS 20161110T013148Z Hyprlof. La vulnerabilidad está presente en el sistema de llamada loctl con el comando HYPRLOFS_ADD_ENTRIES cuando trabaja con sistemas de archivo 32-bit. Un atacante puede manipular una entrada que puede causar pánico de kernel y potencialmente ser aprovechada para una vulnerabilidad de escalada de privilegios completa. Esta vulnerabilidad es distinta de CVE-2016-8733.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-10-26 CVE Reserved
  • 2016-12-14 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Joyent
Search vendor "Joyent"
Smartos
Search vendor "Joyent" for product "Smartos"
20161110t013148z
Search vendor "Joyent" for product "Smartos" and version "20161110t013148z"
-
Affected