The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. This issue is related to CVE-2016-9083 (bugzilla.redhat.com/CVE-2016-9083 ) Proposed patch: https://patchwork.kernel.org/patch/9373631/ CVE assignment: http://seclists.org/oss-sec/2016/q4/251
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1389285]
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0386 https://rhn.redhat.com/errata/RHSA-2017-0386.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:0387 https://rhn.redhat.com/errata/RHSA-2017-0387.html