CVE-2016-9868

MEDIUM

EMC Scaleio < 2.0.1.0 - Security Feature Bypass

Title source: rule

Description

An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may cause a denial-of-service by generating a kernel panic in the SCINI driver using IOCTL calls which may render the ScaleIO Data Client (SDC) server unavailable until the next reboot.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/539983/30/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95301

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-254

Status published

Affected Products (2)

emc/scaleio < 2.0.1.0

n/a/EMC ScaleIO versions before 2.0.1.1 < EMC ScaleIO versions before 2.0.1.1

Timeline

Published Jan 06, 2017

Tracked Since Feb 18, 2026