CVE-2016-9083
kernel: State machine confusion bug in vfio driver leading to memory corruption
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."
drivers/vfio/pci/vfio_pci.c en el kernel Linux hasta la versión 4.8.11 permite a usuarios locales eludir comprobaciones de desbordamiento de enteros, y provocar una denegación de servicio (corrupción de memoria) o tener otro posible impacto no especificado, aprovechando el acceso al archivo de dispositivo vfio PCI para una llamada ioctl VFIO_DEVICE_SET_IRQS, vulnerabilidad también conocida como "state machine confusion bug".
A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-27 CVE Reserved
- 2016-11-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-190: Integer Overflow or Wraparound
- CWE-391: Unchecked Error Condition
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/10/26/11 | Mailing List |
|
| http://www.securityfocus.com/bid/93929 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2017-0386.html | 2023-01-17 | |
| http://rhn.redhat.com/errata/RHSA-2017-0387.html | 2023-01-17 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1389258 | 2017-03-02 | |
| https://access.redhat.com/security/cve/CVE-2016-9083 | 2017-03-02 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.6 < 3.10.107 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.6 < 3.10.107" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.70 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.70" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.16.39 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.16.39" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.51 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.51" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.19 < 4.1.41 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.19 < 4.1.41" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.2 < 4.4.65 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.2 < 4.4.65" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.5 < 4.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.5 < 4.9" | - |
Affected
| ||||||