CVE-2016-8633

MEDIUM

Linux Kernel < 4.8.7 - Remote Code Execution via Firewire Fragmented Packets

Title source: llm
STIX 2.1

Description

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94149
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:1062
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0676
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1391490
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/11/06/1
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1170
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1190

Scores

CVSS v3 6.8
EPSS 0.0176
EPSS Percentile 75.3%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-119 CWE-284
Status published
Products (1)
linux/linux_kernel < 4.8.6
Published Nov 28, 2016
Tracked Since Feb 18, 2026