CVE-2016-9777 : KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not proper

KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.

Published 2016-12-28 07:59:01

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2016-9777

Linux » Linux Kernel
Versions from including (>=) 4.8 and before (<) 4.8.12
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-9777

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 19 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-9777

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H	1.1	6.0	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-9777

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-9777

https://bugzilla.redhat.com/show_bug.cgi?id=1400804

1400804 – (CVE-2016-9777) CVE-2016-9777 Kernel: kvm: out of bounds memory access via vcpu_id
Issue Tracking
http://www.openwall.com/lists/oss-security/2016/12/02/2

oss-security - CVE request: Kernel: kvm: out of bounds memory access via vcpu_id
Mailing List;Patch
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755

kernel/git/torvalds/linux.git - Linux kernel source tree
Patch;Vendor Advisory
http://www.securityfocus.com/bid/94640

Linux Kernel 'lapic.c' Local Denial of Service Vulnerability
Third Party Advisory;VDB Entry
https://github.com/torvalds/linux/commit/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755

KVM: x86: fix out-of-bounds accesses of rtc_eoi map · torvalds/linux@81cdb25 · GitHub
Patch;Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.12

Release Notes

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2016-9777

Products affected by CVE-2016-9777

Exploit prediction scoring system (EPSS) score for CVE-2016-9777

CVSS scores for CVE-2016-9777

CWE ids for CVE-2016-9777

References for CVE-2016-9777