CVE-2016-8733

high

Published 2016-12-14 · Modified 2026-05-06

CVSS v3

8.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS v2

7.2

VIR risk

8.8

Description

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031.

Predictions

Exploit likelihood

82%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

http://www.securityfocus.com/bid/94920
http://www.talosintelligence.com/reports/TALOS-2016-0248/
http://www.securityfocus.com/bid/94920
http://www.talosintelligence.com/reports/TALOS-2016-0248/

CWEs

CWE-190

Verify integrity in audit chain (admin only). AS-IS.