{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T19:07:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d47964bfd471f0dd4c89f28556aec68bffa0020"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K79609038"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K79609038?utm_source=f5support&amp%3Butm_medium=RSS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10907", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d47964bfd471f0dd4c89f28556aec68bffa0020", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d47964bfd471f0dd4c89f28556aec68bffa0020"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6"}, {"name": "https://support.f5.com/csp/article/K79609038", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K79609038"}, {"name": "https://support.f5.com/csp/article/K79609038?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K79609038?utm_source=f5support&utm_medium=RSS"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:38:56.681Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d47964bfd471f0dd4c89f28556aec68bffa0020"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K79609038"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K79609038?utm_source=f5support&amp%3Butm_medium=RSS"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10907", "datePublished": "2019-08-19T01:51:19", "dateReserved": "2019-08-18T00:00:00", "dateUpdated": "2024-08-06T03:38:56.681Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC156BE4-1634-44AE-A20E-1F49CAEFA583", "versionEndExcluding": "4.8.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el archivo drivers/iio/dac/ad5755.c en el kernel de Linux versiones anteriores a 4.8.6. Se presenta una escritura fuera de l\u00edmites en la funci\u00f3n ad5755_parse_dt."}], "id": "CVE-2016-10907", "lastModified": "2023-11-07T02:29:43.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-19T02:15:09.873", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.6"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d47964bfd471f0dd4c89f28556aec68bffa0020"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K79609038"}, {"source": "cve@mitre.org", "url": "https://support.f5.com/csp/article/K79609038?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: out of bounds write in ad5755_parse_dt in drivers/iio/dac/ad5755.c", "id": "1757372", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1757372"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.2", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-787", "details": ["An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt.", "An out-of-bounds flaw was found in the Industrial I/O Subsystem of the Linux kernel. A comparison for devnr limits is exceeded by one, where the current implementation allowed 0 to AD5755_NUM_CHANNELS, while the actual limit should have been till 'AD5755_NUM_CHANNELS - 1'. This could lead to an out of bounds write to pdata->dac[devnr]. The highest risk from this vulnerability is system availability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2016-10907", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2019-08-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-10907\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10907"], "threat_severity": "Moderate"}