Main Vulnerability Database Vulnerabilities #VU5833

Integer overflow in Linux kernel - CVE-2016-8636

Published: February 15, 2017 / Updated: February 16, 2017

Vulnerability identifier: #VU5833

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2016-8636

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to cause denial of service and escalate privileges on the system.

The vulnerability exists due to integer overflow in mem_check_range(). A local user can trigger memory corruption and cause denial of service or elevate privileges on vulnerable system

Successful exploitation of this vulnerability may lead to kernel panic or privilege escalation.

How to mitigate CVE-2016-8636

Install update from kernel repository.

Sources

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10

Integer overflow in Linux kernel - CVE-2016-8636

Detailed vulnerability description

How to mitigate CVE-2016-8636

Sources

Please verify you're human