PatchSiren cyber security CVE debrief

CVE-2016-10153 Linux CVE debrief

CVE-2016-10153 is a Linux kernel issue affecting 4.9.x before 4.9.6 when CONFIG_VMAP_STACK is enabled. According to the NVD description, the crypto scatterlist API interacts incorrectly with this stack configuration, with impact ranging from system crash or memory corruption to possibly other unspecified effects. The problem is tied to earlier net/ceph/crypto.c code paths and is exploitable by local users. The linked kernel fix and 4.9.6 changelog indicate the issue was addressed in the upstream Linux tree before the 4.9.6 release.

Vendor: Linux
Product: CVE-2016-10153
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-06
Original CVE updated: 2026-05-13
Advisory published: 2017-02-06
Advisory updated: 2026-05-13

Who should care

Linux kernel maintainers, distribution security teams, and operators running 4.9.x kernels with CONFIG_VMAP_STACK enabled should prioritize this. It is especially relevant where local users or untrusted workloads exist, since the issue requires local access but can still result in high-impact denial of service or memory corruption.

Technical summary

NVD classifies the flaw as CWE-399 and assigns CVSS 3.0 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The described failure is an incorrect interaction between the crypto scatterlist API and CONFIG_VMAP_STACK in Linux kernel 4.9.x before 4.9.6, reached through earlier net/ceph/crypto.c code. The affected CPE ranges listed by NVD cover Linux kernel 4.9 through 4.9.5. The official references include the upstream Linux commit, the 4.9.6 changelog, and the oss-security thread documenting the fix.

Defensive priority

High for exposed or widely deployed Linux 4.9.x systems, but especially for systems still on 4.9.0-4.9.5 with CONFIG_VMAP_STACK enabled. Because the flaw can lead to crash or memory corruption from local access, patching should be treated as urgent for any environment that allows untrusted local users or container-like tenant activity.

Recommended defensive actions

  • Upgrade the Linux kernel to 4.9.6 or a later fixed release that includes the upstream patch referenced in the CVE record.
  • Verify whether CONFIG_VMAP_STACK is enabled in affected kernel builds; if it is, prioritize remediation and testing.
  • Review the fleet inventory for 4.9.0 through 4.9.5 kernels and identify hosts that may still be running those versions.
  • Apply your distribution vendor's kernel update or backport package that includes the referenced fix, rather than relying on the version number alone.
  • Treat any local crash or unexplained memory corruption on affected kernels as a potential security event and investigate promptly.
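As an added example (not PatchSiren's text and not kernel project code), the following POSIX shell triage helper applies the two inventory checks above: whether a kernel release string falls in 4.9.0 through 4.9.5, and whether CONFIG_VMAP_STACK=y appears in that kernel's build config. The config location /boot/config-<release> and the sample config contents in the comments are assumptions; a distribution backport that keeps the 4.9.x version number would still need the vendor's advisory to confirm the fix.

```shell
#!/bin/sh
# Hypothetical CVE-2016-10153 triage helper (added example, not from the page).
# A host is reported as AFFECTED only when BOTH conditions hold:
#   1. the kernel version is 4.9.0 .. 4.9.5 (only the numeric x.y.z prefix is compared;
#      distribution suffixes such as "-generic" are ignored), and
#   2. the kernel build config contains "CONFIG_VMAP_STACK=y".
# Assumption: the config is readable at /boot/config-<release>. Hosts whose config
# is missing are reported not-affected, so treat that result as "unknown" in practice.

# is_affected_version VERSION -> exit 0 if VERSION is 4.9.0 through 4.9.5, else 1.
is_affected_version() {
    # Extract "major minor patch"; patch may be empty for a bare "4.9".
    v=$(printf '%s\n' "$1" | sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\{0,1\}\([0-9]*\).*/\1 \2 \3/p')
    [ -n "$v" ] || return 1
    set -- $v
    major=$1; minor=$2; patch=${3:-0}
    if [ "$major" -eq 4 ] && [ "$minor" -eq 9 ] && [ "$patch" -le 5 ]; then
        return 0
    fi
    return 1
}

# vmap_stack_enabled CONFIG_FILE -> exit 0 if the config sets CONFIG_VMAP_STACK=y.
# A line like "# CONFIG_VMAP_STACK is not set" or a missing file yields 1.
vmap_stack_enabled() {
    grep -q '^CONFIG_VMAP_STACK=y$' "$1" 2>/dev/null
}

# in_scope VERSION CONFIG_FILE -> prints AFFECTED or not-affected.
in_scope() {
    if is_affected_version "$1" && vmap_stack_enabled "$2"; then
        echo AFFECTED
    else
        echo not-affected
    fi
}

# Stand-alone use: evaluate the host this script runs on.
rel=$(uname -r)
cfg="/boot/config-$rel"
printf 'kernel %s (config %s): %s\n' "$rel" "$cfg" "$(in_scope "$rel" "$cfg")"
```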

Evidence notes

This debrief is based on the supplied NVD CVE record and its linked official/kernel references. NVD states the issue affects Linux kernel 4.9.x before 4.9.6 and involves incorrect interaction between the crypto scatterlist API and CONFIG_VMAP_STACK, with local-user impact. The reference set includes the upstream Linux commit, the 4.9.6 changelog, and the oss-security mailing list thread, supporting the remediation timeline. No exploit steps or unsupported root-cause details are included.

Official resources

CVE published by NVD on 2017-02-06T06:59:00.277Z and last modified on 2026-05-13T00:24:29.033Z. The linked upstream fix and 4.9.6 changelog are the key remediation references; this summary does not use generation or review time as the CVE's