Vulnerability: CVE-2016-9084

drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.


http://www.securityfocus.com/bid/93930
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a
https://bugzilla.redhat.com/show_bug.cgi?id=1389259
https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a
https://patchwork.kernel.org/patch/9373631/
http://www.openwall.com/lists/oss-security/2016/10/26/11
http://rhn.redhat.com/errata/RHSA-2017-0386.html
http://rhn.redhat.com/errata/RHSA-2017-0387.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9084


It's possible to leave a comment as registered users to the site, accessing through social, wordpress account or as anonymous users. If you want to leave a comment as an anonymous user you will be notified by email of a possible response only if you enter the email address (optional). The insertion of any data in the comment fields is totally optional. Whoever decides to insert any data accepts the treatment of these last ones for the inherent purposes of the service that is the answer to the comment and the strictly necessary communications.


Leave a Reply