Vulnerability Details : CVE-2016-8633
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
Vulnerability category: OverflowExecute codeBypassGain privilege
Products affected by CVE-2016-8633
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8633
5.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8633
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2
|
MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C |
1.9
|
10.0
|
NIST | |
6.8
|
MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST |
CWE ids for CVE-2016-8633
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8633
-
http://www.openwall.com/lists/oss-security/2016/11/06/1
oss-security - Re: [engineering.redhat.com #426293] CVE Request - firewire driver RCE - linux 4.8Mailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2019:1170
RHSA-2019:1170 - Security Advisory - Red Hat Customer Portal
-
https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac
firewire: net: guard against rx buffer overflows · torvalds/linux@667121a · GitHubIssue Tracking;Patch;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1391490
1391490 – (CVE-2016-8633) CVE-2016-8633 kernel: Buffer overflow in firewire driver via crafted incoming packetsIssue Tracking
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/94149
Linux Kernel CVE-2016-8633 Local Buffer Overflow Vulnerability
-
https://access.redhat.com/errata/RHSA-2018:0676
RHSA-2018:0676 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2018:1062
RHSA-2018:1062 - Security Advisory - Red Hat Customer Portal
-
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
CVE Publication: CVE 2016-8633 – Eyal ItkinThird Party Advisory
-
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
Release Notes
-
https://access.redhat.com/errata/RHSA-2019:1190
RHSA-2019:1190 - Security Advisory - Red Hat Customer Portal
Jump to