CVE-2016-9777
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.
KVM en el kernel de Linux en versiones anteriores a 4.8.12, cuando se habilita I/O APIC, no restringe adecuadamente el índice VCPU, lo que permite a usuarios de SO invitados obtener privilegios del SO de anfitrión o provocar una denegación de servicio (acceso al array fuera de rango y caída del SO anfitrión) a través de una petición interrumpida manipulada, relacionado con arch/x86/kvm/ioapic.c y arch/x86/kvm/ioapic.h.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-02 CVE Reserved
- 2016-12-28 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12 | Release Notes | |
| http://www.securityfocus.com/bid/94640 | Third Party Advisory | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1400804 | Issue Tracking |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.8 < 4.8.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.8 < 4.8.12" | - |
Affected
| ||||||