Vulnerability Details: CVE-2016-10764
In the Linux kernel before 4.9.6, there is an off-by-one error in the cqspi_setup_flash() function in drivers/mtd/spi-nor/cadence-quadspi.c. The ->f_pdata array has CQSPI_MAX_CHIPSELECT elements, so the comparison should use ">=" instead of ">".
Vulnerability category: Overflow
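The off-by-one described above, as an added C model that is not the kernel's source: the macro and field names come from the CVE text, while the value 16, the struct layout and the helper functions are assumptions for illustration.

```c
#include <stdio.h>

/* Constructed model: names follow the CVE text; the value 16 and the
 * struct contents are assumptions, not copied from the driver. */
#define CQSPI_MAX_CHIPSELECT 16

struct flash_pdata { unsigned int cs; };

struct cqspi_model {
    struct flash_pdata f_pdata[CQSPI_MAX_CHIPSELECT]; /* valid indexes 0..MAX-1 */
};

static struct cqspi_model model;

/* Comparison as described for kernels before 4.9.6: rejects only cs > MAX. */
static int cs_accepted_before(unsigned int cs)
{
    return !(cs > CQSPI_MAX_CHIPSELECT);
}

/* Comparison as described for the fix: rejects cs >= MAX. */
static int cs_accepted_after(unsigned int cs)
{
    return !(cs >= CQSPI_MAX_CHIPSELECT);
}

/* True when f_pdata[cs] is a real element of the array. */
static int cs_in_bounds(unsigned int cs)
{
    return cs < sizeof(model.f_pdata) / sizeof(model.f_pdata[0]);
}

/* Count values in [0, limit) that a check accepts although they do not fit. */
static unsigned int count_oob_accepted(int (*check)(unsigned int), unsigned int limit)
{
    unsigned int n = 0;
    for (unsigned int cs = 0; cs < limit; cs++)
        if (check(cs) && !cs_in_bounds(cs))
            n++;
    return n;
}

int main(void)
{
    printf("before: %u out-of-bounds value(s) accepted\n",
           count_oob_accepted(cs_accepted_before, 64));
    printf("after:  %u out-of-bounds value(s) accepted\n",
           count_oob_accepted(cs_accepted_after, 64));
    return 0;
}
```

The only value the two comparisons disagree on is cs equal to CQSPI_MAX_CHIPSELECT, which indexes one element past the end of f_pdata.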
Products affected by CVE-2016-10764
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-10764
- 0.64%: probability of exploitation activity in the next 30 days
- ~79%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-10764
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2016-10764
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-10764
- https://github.com/torvalds/linux/commit/193e87143c290ec16838f5368adc0e0bc94eb931 (mtd: spi-nor: Off by one in cqspi_setup_flash() · torvalds/linux@193e871 · GitHub) [Patch; Third Party Advisory]
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=193e87143c290ec16838f5368adc0e0bc94eb931 (kernel/git/torvalds/linux.git - Linux kernel source tree) [Patch; Vendor Advisory]
- https://support.f5.com/csp/article/K24444495 [Third Party Advisory]
- https://support.f5.com/csp/article/K24444495?utm_source=f5support&utm_medium=RSS [Third Party Advisory]
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6 [Release Notes; Third Party Advisory]