U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2016-8633

Change History

CVE Modified by Red Hat, Inc. 2/12/2023 6:26:13 PM

Action Type Old Value New Value
Removed CVSS V2
Red Hat, Inc. (AV:L/AC:M/Au:N/C:P/I:P/A:C)

Removed CVSS V3
Red Hat, Inc. AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Changed Description
A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver [firewire-net] in a fragment handling code in the Linux kernel. The vulnerability exists since firewire supported IPv4, i.e. since version 2.6.31 (year 2009) till version v4.9-rc4. A maliciously formed fragment with a respectively large datagram offset would cause a memcpy() past the datagram buffer, which would cause a system panic or possible arbitrary code execution. The flaw requires [firewire-net] module to be loaded and is remotely exploitable from connected firewire devices, but not over a local network.
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
Removed Reference
https://access.redhat.com/security/cve/CVE-2016-8633 [No Types Assigned]