CVE-2016-1886
published 2016-05-25CVE-2016-1886: Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before…
PriorityP340high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
1.14%
62.7th percentile
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3pmm-q6gm-q5rg: Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd
ghsa_unreviewed·2022-05-17
CVE-2016-1886 [HIGH] CWE-119 GHSA-3pmm-q6gm-q5rg: Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
BSD
FreeBSD-SA-16:18.atkbd: Buffer overflow in keyboard driver
bsd_advisories·2016-05-17·CVSS 7.8
CVE-2016-1886 [HIGH] FreeBSD-SA-16:18.atkbd: Buffer overflow in keyboard driver
FreeBSD-SA-16:18.atkbd Security Advisory
The FreeBSD Project
Topic: Buffer overflow in keyboard driver
Category: core
Module: atkbd
Announced: 2016-05-17
Credits: CTurt and the HardenedBSD team
Affects: All supported versions of FreeBSD.
Corrected: 2016-05-17 22:29:59 UTC (stable/10, 10.3-STABLE)
2016-05-17 22:28:27 UTC (releng/10.3, 10.3-RELEASE-p3)
2016-05-17 22:28:20 UTC (releng/10.2, 10.2-RELEASE-p17)
2016-05-17 22:28:11 UTC (releng/10.1, 10.1-RELEASE-p34)
2016-05-17 22:31:12 UTC (stable/9, 9.3-STABLE)
2016-05-17 22:28:36 UTC (releng/9.3, 9.3-RELEASE-p42)
CVE Name: CVE-2016-1886
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The atkbd(4) driver, t
No detection rules found.
No writeups or analysis indexed.
http://cturt.github.io/SETFKEY.htmlhttp://www.securityfocus.com/bid/90734http://www.securitytracker.com/id/1035905https://security.FreeBSD.org/patches/SA-16:18/atkbd.patchhttps://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.aschttp://cturt.github.io/SETFKEY.htmlhttp://www.securityfocus.com/bid/90734http://www.securitytracker.com/id/1035905https://security.FreeBSD.org/patches/SA-16:18/atkbd.patchhttps://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.asc
2016-05-25
Published