CVE-2016-1886 : Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c

Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."

Published 2016-05-25 15:59:03

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-1886

Freebsd » Freebsd » Version: 9.3
cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.1
cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.2
cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*
Matching versions
Freebsd » Freebsd » Version: 10.3
cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-1886

EPSS FAQ

0.78%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 71 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-1886

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-1886

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-1886

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc

Vendor Advisory
https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch

Patch
http://www.securityfocus.com/bid/90734

FreeBSD CVE-2016-1886 Local Buffer Overflow Vulnerability
http://www.securitytracker.com/id/1035905

FreeBSD Buffer Overflow in Keyboard Driver Lets Local Users Gain Elevated Privileges - SecurityTracker
http://cturt.github.io/SETFKEY.html

Analysis of CVE-2016-1886, SETFKEY FreeBSD kernel vulnerability
Exploit

Jump to

Vulnerability Details : CVE-2016-1886

Products affected by CVE-2016-1886

Exploit prediction scoring system (EPSS) score for CVE-2016-1886

CVSS scores for CVE-2016-1886

CWE ids for CVE-2016-1886

References for CVE-2016-1886