CVE-2016-9083 Vulnerability

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." (CVSS:7.2) (Last Update:2016-11-28)

Vulnerability Details : drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug." Publish Date : 2016-11-27 Last Update Date : 2016-11-28 - CVSS Scores & Vulnerability Types CVSS Score 7.2 Confidentiality Impact Complete(There is total information disclosure, resulting in all system files being revealed.) Integrity Impact Complete(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) Availability Impact Complete(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) Access Complexity Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required(Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Denial Of ServiceOverflowMemory corruptionBypass a restriction or similar CWE ID 190 - Products Affected By CVE-2016-9083 # Product Type Vendor Product Version Update Edition Language 1 OS Linux Linux Kernel 4.8.11 Version Details Vulnerabilities - Number Of Affected Versions By Product Vendor Product Vulnerable Versions Linux Linux Kernel 1 - References For CVE-2016-9083 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05692d7005a364add85c6e25a6c4447ce08f913a CONFIRM http://www.openwall.com/lists/oss-security/2016/10/26/11 MLIST [oss-security] 20161027 kernel: low-severity vfio driver integer overflow http://www.securityfocus.com/bid/93929 BID 93929 Linux Kernel CVE-2016-9083 Local Integer Overflow Vulnerability Release Date:2016-11-01 https://bugzilla.redhat.com/show_bug.cgi?id=1389258 CONFIRM https://github.com/torvalds/linux/commit/05692d7005a364add85c6e25a6c4447ce08f913a CONFIRM https://patchwork.kernel.org/patch/9373631/ CONFIRM

- Metasploit Modules Related To CVE-2016-9083 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)