Main Vulnerability Database SB2016120506

SB2016120506 - Fedora 25 update for kernel

Published: December 5, 2016 Updated: April 24, 2025

Security Bulletin ID SB2016120506

Severity

Low

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2016-9777)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an out-of-bounds read error within the ioapic_read_indirect() function in arch/x86/kvm/ioapic.c. A local user can escalate privileges on the system.

2) Information exposure (CVE-ID: CVE-2016-9756)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information exposure error within the em_iret(), em_jmp_far() and em_ret_far() functions in arch/x86/kvm/emulate.c. A local user can gain access to sensitive information.

3) Out-of-bounds read (CVE-ID: CVE-2016-9755)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the ipv6_defrag() function in net/ipv6/netfilter/nf_defrag_ipv6_hooks.c, within the nf_ct_frag6_gather() function in net/ipv6/netfilter/nf_conntrack_reasm.c. A local user can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2016-bbe98c341c