CVE-2016-9031 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Joyent	Smartos	20161110t013148z

Related Weaknesses (CWE)

CWE-190

References

http://www.securityfocus.com/bid/94921Broken LinkThird Party AdvisoryVDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0249/ExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/94921Broken LinkThird Party AdvisoryVDB Entry
http://www.talosintelligence.com/reports/TALOS-2016-0249/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2016-9031?

CVE-2016-9031 is a vulnerability with a CVSS score of 7.8 (HIGH). An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dea...

How severe is CVE-2016-9031?

CVE-2016-9031 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9031?

Check the references section above for vendor advisories and patch information. Affected products include: Joyent Smartos.