CVE-2016-9083

CVSS v3.1 7.8 (High)

CVSS v2.0 7.2 (High)

EPSS 0.04 % (5^th)

Affected Products 1

Advisories 16

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-190: Integer Overflow or Wraparound

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2016-11-28 03:59:11
(7 years ago)
Updated Date: 2023-01-17 21:05:36
(20 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 3.6 version and prior 3.10.107 version	cpe:2.3:o:linux:linux_kernel	>= 3.6	< 3.10.107
Linux Kernel from 3.11 version and prior 3.12.70 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.70
Linux Kernel from 3.13 version and prior 3.16.39 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.16.39
Linux Kernel from 3.17 version and prior 3.18.51 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 3.18.51
Linux Kernel from 3.19 version and prior 4.1.41 version	cpe:2.3:o:linux:linux_kernel	>= 3.19	< 4.1.41
Linux Kernel from 4.2 version and prior 4.4.65 version	cpe:2.3:o:linux:linux_kernel	>= 4.2	< 4.4.65
Linux Kernel from 4.5 version and prior 4.9 version	cpe:2.3:o:linux:linux_kernel	>= 4.5	< 4.9