CVE-2016-1886

Exploit

EPSS 0.22%
Published 25.05.2016 15:59:02
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version9.3

Freebsd ≫ Freebsd Version10.1

Freebsd ≫ Freebsd Version10.2

Freebsd ≫ Freebsd Version10.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.22%	0.445

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://cturt.github.io/SETFKEY.html

Exploit

http://www.securityfocus.com/bid/90734

http://www.securitytracker.com/id/1035905

https://security.FreeBSD.org/patches/SA-16:18/atkbd.patch

Patch

https://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-1886

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-1886

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-1886

EUVD