← back
CVE-2016-1886

CVE-2016-1886

EPSS 1.1%
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/44211unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cturt.github.io/SETFKEY.htmlhttps://security.FreeBSD.org/patches/SA-16:18/atkbd.patchhttps://www.freebsd.org/security/advisories/FreeBSD-SA-16:18.atkbd.aschttp://www.securityfocus.com/bid/90734http://www.securitytracker.com/id/1035905