VYPR
High severity7.8NVD Advisory· Published May 25, 2016· Updated Jun 17, 2026

CVE-2016-1886

CVE-2016-1886

Description

Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • FreeBSD/FreeBSD5 versions
    cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*
    • (no CPE)range: 9.3 before p42, 10.1 before p34, 10.2 before p17, 10.3 before p3

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.