CVE-2016-8636

HIGH

Linux kernel <4.9.10 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-8636. PoCs published by jigerjain.

AI-analyzed exploit summary This repository contains a functional proof-of-concept for CVE-2016-8636, demonstrating an integer overflow vulnerability in the `mem_check_range` function. The code replicates the flawed logic that allows an overflow when calculating `iova + length`, leading to incorrect bounds checking.

Description

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.

Exploits (1)

nomisec WORKING POC

by jigerjain · poc

https://github.com/jigerjain/Integer-Overflow-test

View Code ZIP pw:eip

This repository contains a functional proof-of-concept for CVE-2016-8636, demonstrating an integer overflow vulnerability in the `mem_check_range` function. The code replicates the flawed logic that allows an overflow when calculating `iova + length`, leading to incorrect bounds checking.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux Kernel (RDMA/RXE subsystem)

No auth needed

Prerequisites: Access to a system with the vulnerable RDMA/RXE subsystem

MITRE ATT&CK