The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-10-16T21:00:00
Updated: 2024-08-06T01:57:47.611Z
Reserved: 2016-09-09T00:00:00
Link: CVE-2016-7425
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-10-16T21:59:12.163
Modified: 2023-01-17T21:15:16.343
Link: CVE-2016-7425
Redhat