MNBSD-2016-11: Incorrect argument handling in sendmsg(2)/socket code allows kernel memory overwrite

Severity: Unknown

Affected Package: kernel

Summary: Incorrect argument handling in sendmsg(2)/socket code allows kernel memory overwrite

Description

Incorrect argument handling in the sendmsg(2) system call and related socket code allowed a malicious local user to overwrite a large portion of kernel memory. This could result in a kernel panic or arbitrary code execution with superuser privileges. Fixed in the 0.7.8 release.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2016-1887

Published: May 19, 2016
Last Modified: May 19, 2016