CVE-2016-8633

EUVD-2016-9476
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
𝑥
≤ 4.8.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
sid
6.11.6-1
fixed
trixie
6.11.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
artful
not-affected
precise
ignored
trusty
Fixed 3.13.0-133.182
released
xenial
Fixed 4.4.0-57.78
released
yakkety
Fixed 4.8.0-32.34
released
zesty
not-affected
linux-armadaxp
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-aws
artful
dne
precise
dne
trusty
not-affected
xenial
not-affected
yakkety
dne
zesty
dne
linux-azure
artful
dne
trusty
not-affected
xenial
not-affected
yakkety
dne
zesty
dne
linux-euclid
artful
dne
trusty
dne
xenial
not-affected
zesty
dne
linux-flo
artful
dne
precise
dne
trusty
dne
xenial
ignored
yakkety
ignored
zesty
dne
linux-gcp
artful
dne
trusty
dne
xenial
not-affected
yakkety
dne
zesty
dne
linux-gke
artful
dne
precise
dne
trusty
dne
xenial
not-affected
yakkety
dne
zesty
dne
linux-goldfish
artful
dne
precise
dne
trusty
dne
xenial
ignored
yakkety
ignored
zesty
ignored
linux-grouper
artful
dne
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-hwe
artful
dne
precise
dne
trusty
dne
xenial
not-affected
yakkety
dne
zesty
dne
linux-hwe-edge
artful
dne
precise
dne
trusty
dne
xenial
not-affected
yakkety
dne
zesty
dne
linux-kvm
artful
dne
trusty
dne
xenial
not-affected
zesty
dne
linux-linaro-omap
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-linaro-shared
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-linaro-vexpress
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-lts-quantal
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-lts-raring
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-lts-saucy
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-lts-trusty
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-lts-utopic
artful
dne
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-lts-vivid
artful
dne
precise
dne
trusty
ignored
xenial
dne
yakkety
dne
zesty
dne
linux-lts-wily
artful
dne
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-lts-xenial
artful
dne
precise
dne
trusty
Fixed 4.4.0-57.78~14.04.1
released
xenial
dne
yakkety
dne
zesty
dne
linux-maguro
artful
dne
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-mako
artful
dne
precise
dne
trusty
dne
xenial
ignored
yakkety
ignored
zesty
dne
linux-manta
artful
dne
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-oem
artful
dne
trusty
dne
xenial
not-affected
zesty
dne
linux-qcm-msm
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
linux-raspi2
artful
not-affected
precise
dne
trusty
dne
xenial
Fixed 4.4.0-1038.45
released
yakkety
Fixed 4.8.0-1021.24
released
zesty
not-affected
linux-snapdragon
artful
not-affected
precise
dne
trusty
dne
xenial
Fixed 4.4.0-1042.46
released
yakkety
Fixed 4.4.0-1046.50
released
zesty
not-affected
linux-ti-omap4
artful
dne
precise
ignored
trusty
dne
xenial
dne
yakkety
dne
zesty
dne
Common Weakness Enumeration
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
http://www.openwall.com/lists/oss-security/2016/11/06/1
http://www.securityfocus.com/bid/94149
https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1190
https://bugzilla.redhat.com/show_bug.cgi?id=1391490
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
http://www.openwall.com/lists/oss-security/2016/11/06/1
http://www.securityfocus.com/bid/94149
https://access.redhat.com/errata/RHSA-2018:0676
https://access.redhat.com/errata/RHSA-2018:1062
https://access.redhat.com/errata/RHSA-2019:1170
https://access.redhat.com/errata/RHSA-2019:1190
https://bugzilla.redhat.com/show_bug.cgi?id=1391490
https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac