Integer Overflow Vulnerability in Linux Kernel's VFIO PCI Driver

Integer Overflow Vulnerability in Linux Kernel's VFIO PCI Driver

CVE-2016-9083 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug."

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.