CVE-2016-9040
MEDIUMJoyent SmartOS - Denial of Service via Hyprlofs Ioctl HYPRLOFSADDENTRIES Command
Title source: llmDescription
An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.
References (1)
Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258
Scores
CVSS v3
5.5
EPSS
0.0047
EPSS Percentile
37.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
joyent/smartos
20161110t013148z
Published
Sep 07, 2018
Tracked Since
Feb 18, 2026