CVE-2016-8658

low-risk

Published 2016-10-16

Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket.

Do I need to act?

0.30% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (20)

Issue Tracking http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ded899...

Release Notes http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.5

Mailing List http://www.openwall.com/lists/oss-security/2016/10/13/1

http://www.securityfocus.com/bid/93541

http://www.ubuntu.com/usn/USN-3145-1

http://www.ubuntu.com/usn/USN-3145-2

http://www.ubuntu.com/usn/USN-3146-1

http://www.ubuntu.com/usn/USN-3146-2

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1384403

Issue Tracking https://github.com/torvalds/linux/commit/ded89912156b1a47d940a0c954c43afbabd0c42...