CVE-2016-7425

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (11^th)

Affected Products 2

Advisories 23

The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2016-10-16 21:59:12
(8 years ago)
Updated Date: 2023-01-17 21:15:16
(20 months ago)

Affected Products

Canonical

Ubuntu Linux

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 3.2 version and prior 3.2.84 version	cpe:2.3:o:linux:linux_kernel	>= 3.2	< 3.2.84
Linux Kernel from 3.3 version and prior 3.10.105 version	cpe:2.3:o:linux:linux_kernel	>= 3.3	< 3.10.105
Linux Kernel from 3.11 version and prior 3.12.67 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.67
Linux Kernel from 3.13 version and prior 3.16.39 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.16.39
Linux Kernel from 3.17 version and prior 3.18.46 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 3.18.46
Linux Kernel from 3.19 version and prior 4.1.37 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.1.37
Linux Kernel from 4.2 version and prior 4.4.27 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.27
Linux Kernel from 4.5 version and prior 4.7.10 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.7.10
Linux Kernel from 4.8 version and prior 4.8.4 version	cpe:2.3:o:linux:linux_kernel	>= 4.8	< 4.8.4

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:-
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:esm
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 16.10	cpe:2.3:o:canonical:ubuntu_linux:16.10