KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2016-12-28T07:42:00
Updated: 2024-08-06T02:59:03.471Z
Reserved: 2016-12-02T00:00:00
Link: CVE-2016-9777
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-12-28T07:59:00.510
Modified: 2023-05-16T11:09:07.767
Link: CVE-2016-9777
Redhat