FreeBSD Kernel amd64_set_ldt Heap Overflow Vulnerability (CVE-2016-1885)
Release date:
Updated on:
Affected Systems:
FreeBSD <10.2-RELENG
Description:
CVE (CAN) ID: CVE-2016-1885
FreeBSD is a UNIX operating system.
In kernel code earlier than FreeBSD 10.2-RELENG, the amd64_set_ldt() function has an integer signedness error that can cause a kernel heap overflow, allowing local attackers to crash the system.
<* Source: Francisco Falcon *>
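The class of bug described above, as an added example that is not FreeBSD's code and not part of the original advisory: a constructed user-space model of a descriptor-table range check that contrasts a signed, upper-bound-only test with an unsigned one that rejects bad requests. TABLE_SLOTS, flawed_span and checked_span are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_SLOTS 1024 /* constructed table size, not a FreeBSD constant */

/* Flawed pattern: start and num are signed and only the upper bound is
 * clamped. A negative start passes the test, and the span computed from
 * the clamped end is larger than the table itself.
 * Returns the number of slots a caller would go on to touch. */
long flawed_span(int start, int num)
{
    long end = (long)start + num;   /* widened to avoid signed overflow */
    if (end > TABLE_SLOTS)
        end = TABLE_SLOTS;          /* upper bound only, no lower bound */
    return end - start;             /* can exceed TABLE_SLOTS */
}

/* Hardened pattern: unsigned operands, each bound tested on its own, and
 * the subtraction is ordered so it cannot wrap. Out-of-range requests are
 * rejected instead of clamped.
 * Returns 0 and stores the span on success, -1 on rejection. */
int checked_span(unsigned int start, unsigned int num, size_t *span)
{
    if (start >= TABLE_SLOTS)
        return -1;
    if (num == 0 || num > TABLE_SLOTS - start)
        return -1;
    *span = num;
    return 0;
}

int main(void)
{
    size_t span = 0;
    /* Constructed inputs: a negative start with a large count. */
    printf("flawed span for (-16, 2000): %ld of %d slots\n",
           flawed_span(-16, 2000), TABLE_SLOTS);
    printf("checked result for same input: %d\n",
           checked_span((unsigned int)-16, 2000u, &span));
    return 0;
}
```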
Suggestion:
Vendor patch:
FreeBSD
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
[1] https://www.freebsd.org/cgi/man.cgi?query=i386_set_ldt&sektion=2&manpath=FreeBSD+8.2-RELEASE
[2] https://svnweb.freebsd.org/base/release/10.2.0/sys/amd64/amd64/sys_machdep.c?view=markup
[3] https://svnweb.freebsd.org/base/release/10.2.0/sys/x86/include/sysarch.h?view=markup