Vulnerability Details : CVE-2016-9083
drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."
Vulnerability category: Overflow, Memory Corruption, Denial of service
Products affected by CVE-2016-9083
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9083
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-9083
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2016-9083
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9083
- http://rhn.redhat.com/errata/RHSA-2017-0387.html
  RHSA-2017:0387 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://patchwork.kernel.org/patch/9373631/
  [v3] vfio/pci: Fix integer overflows, bitmask check - Patchwork (Patch; Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1389258
  1389258 – (CVE-2016-9083) CVE-2016-9083 kernel: State machine confusion bug in vfio driver leading to memory corruption (Issue Tracking)
- https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a
  vfio/pci: Fix integer overflows, bitmask check · torvalds/linux@05692d7 · GitHub (Issue Tracking; Patch; Third Party Advisory)
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a
  kernel/git/torvalds/linux.git - Linux kernel source tree (Issue Tracking; Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/93929
  Linux Kernel CVE-2016-9083 Local Integer Overflow Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2016/10/26/11
  oss-security - kernel: low-severity vfio driver integer overflow (Mailing List; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0386.html
  RHSA-2017:0386 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)