High severity7.8NVD Advisory· Published Feb 22, 2017· Updated May 13, 2026

CVE-2016-8636

Description

Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the "RDMA protocol over infiniband" (aka Soft RoCE) technology.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdIssue TrackingPatchThird Party Advisory
www.openwall.com/lists/oss-security/2017/02/11/9nvdMailing ListPatchThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/nvdPatchTechnical DescriptionThird Party Advisory
github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66nvdIssue TrackingPatchThird Party Advisory
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10nvdRelease NotesVendor Advisory
www.securityfocus.com/bid/96189nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000