CVE-2016-9031 | THREATINT

Description

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733.

PUBLISHED Reserved 2016-10-26 | Published 2016-12-14 | Updated 2024-08-06 | Assigner talos

HIGH: 7.8CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

integer overflow

Product status

OS 20161110T013148Z

affected

References

www.securityfocus.com/bid/94921 (94921) vdb-entry

www.talosintelligence.com/reports/TALOS-2016-0249/

www.securityfocus.com/bid/94921 (94921) vdb-entry

www.talosintelligence.com/reports/TALOS-2016-0249/

cve.org (CVE-2016-9031)

nvd.nist.gov (CVE-2016-9031)

Download JSON