Main Vulnerability Database Vulnerabilities #VU5833

#VU5833 Integer overflow in Linux kernel - CVE-2016-8636

Published: February 15, 2017 / Updated: February 16, 2017

Vulnerability identifier: #VU5833

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-8636

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a local user to cause denial of service and escalate privileges on the system.

The vulnerability exists due to integer overflow in mem_check_range(). A local user can trigger memory corruption and cause denial of service or elevate privileges on vulnerable system

Successful exploitation of this vulnerability may lead to kernel panic or privilege escalation.

Remediation

Install update from kernel repository.

External links

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10

#VU5833 Integer overflow in Linux kernel - CVE-2016-8636

Description

Remediation

External links

Please verify you're human