CVE-2016-1885
published 2016-04-12CVE-2016-1885: Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows…
PriorityP428medium6.2CVSS 3.0
AVLACLPRNUINSUCNINAH
EXPLOIT
EPSS
1.26%
66.0th percentile
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVSS provenance
nvdv3.06.2MEDIUMCVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vc7v-9ghj-gp9f: Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep
ghsa_unreviewed·2022-05-14
CVE-2016-1885 [MEDIUM] CWE-119 GHSA-vc7v-9ghj-gp9f: Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
BSD
FreeBSD-SA-16:15.sysarch: Incorrect argument validation in sysarch(2)
bsd_advisories·2016-03-16·CVSS 6.2
CVE-2016-1885 [MEDIUM] FreeBSD-SA-16:15.sysarch: Incorrect argument validation in sysarch(2)
FreeBSD-SA-16:15.sysarch [REVISED] Security Advisory
The FreeBSD Project
Topic: Incorrect argument validation in sysarch(2)
Category: core
Module: kernel
Announced: 2016-10-25
Credits: Core Security, ahaha from Chaitin Tech
Affects: All supported versions of FreeBSD.
Corrected: 2016-10-25 17:14:50 UTC (stable/11, 11.0-STABLE)
2016-10-25 17:11:20 UTC (releng/11.0, 11.0-RELEASE-p2)
2016-10-25 17:16:08 UTC (stable/10, 10.3-STABLE)
2016-10-25 17:11:15 UTC (releng/10.3, 10.3-RELEASE-p11)
2016-10-25 17:11:11 UTC (releng/10.2, 10.2-RELEASE-p24)
2016-10-25 17:11:07 UTC (releng/10.1, 10.1-RELEASE-p41)
2016-10-25 17:16:58 UTC (stable/9, 9.3-STABLE)
2016-10-25 17:11:02 UTC (releng/9.3, 9.3-RELEASE-p49)
CVE Name: CVE-2016-1885
For general information regarding FreeBSD Security Advisories,
including
No detection rules found.
http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.htmlhttp://seclists.org/fulldisclosure/2016/Mar/56http://seclists.org/fulldisclosure/2016/Mar/67http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflowhttp://www.securityfocus.com/archive/1/537812/100/0/threadedhttp://www.securityfocus.com/archive/1/537813/100/0/threadedhttp://www.securitytracker.com/id/1035309https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.aschttps://www.exploit-db.com/exploits/39570/http://packetstormsecurity.com/files/136276/FreeBSD-Kernel-amd64_set_ldt-Heap-Overflow.htmlhttp://seclists.org/fulldisclosure/2016/Mar/56http://seclists.org/fulldisclosure/2016/Mar/67http://www.coresecurity.com/advisories/freebsd-kernel-amd64setldt-heap-overflowhttp://www.securityfocus.com/archive/1/537812/100/0/threadedhttp://www.securityfocus.com/archive/1/537813/100/0/threadedhttp://www.securitytracker.com/id/1035309https://security.FreeBSD.org/advisories/FreeBSD-SA-16:15.sysarch.aschttps://www.exploit-db.com/exploits/39570/
2016-04-12
Published