PatchSiren

CVE-2016-10154 Linux CVE debrief

CVE-2016-10154 affects Linux kernel 4.9.x before 4.9.1. When CONFIG_VMAP_STACK is enabled, the smbhash function in fs/cifs/smbencrypt.c can interact incorrectly with scatterlists that span more than one virtual page. NVD describes the result as a local denial of service through system crash or memory corruption, with possible unspecified additional impact.

Vendor: Linux
Product: CVE-2016-10154
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-06
Original CVE updated: 2026-05-13
Advisory published: 2017-02-06
Advisory updated: 2026-05-13

Who should care

Linux administrators, distro security teams, and operators running 4.9.x kernels with CIFS support, especially builds using CONFIG_VMAP_STACK. Systems that allow local users or untrusted local workloads should treat this as relevant.

Technical summary

The flaw is a memory-safety issue in the smbhash path of the CIFS file fs/cifs/smbencrypt.c. On affected 4.9.x kernels before 4.9.1, a scatterlist that spans multiple virtual pages is handled incorrectly when CONFIG_VMAP_STACK is enabled, leading to a crash or memory corruption. NVD links the fix to upstream kernel commit 06deeec77a5a689cc94b21a8a91a76e42176685d and the Linux 4.9.1 changelog.

Defensive priority

Medium. The attack requires local access, but the impact includes system crash and possible memory corruption on a widely deployed kernel branch.

Recommended defensive actions

  • Upgrade Linux 4.9.x systems to 4.9.1 or a vendor-backported fixed kernel.
  • Verify whether CONFIG_VMAP_STACK is enabled in deployed kernels and include it in kernel hardening review.
  • Prioritize hosts that expose CIFS/SMB client functionality and allow local user access.
  • Use vendor errata, the Linux 4.9.1 changelog, and the linked upstream commit to confirm backported fixes.
  • Treat unexplained crashes or memory corruption on affected builds as security-relevant and review kernel logs.
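
The version and configuration checks from the actions above can be scripted for fleet triage. The following is an added example, not part of the NVD record or the kernel project: the function names and output labels are assumptions of this sketch, and the sample configs are constructed. Run it with --host to classify the local machine.

```shell
#!/bin/sh
# Added example: triage for the conditions named in this debrief.
# Labels and function names are this example's own (assumptions).

# 0 if RELEASE is in "4.9.x before 4.9.1" (4.9 / 4.9.0, any suffix).
# Distro strings can stay at 4.9.0 while carrying backported fixes,
# so a match means "confirm with vendor errata", not "vulnerable".
release_in_affected_range() {
    case "$1" in
        4.9|4.9.0|4.9-*|4.9.0-*|4.9.0+*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads kernel config text on stdin; prints y, m, or n for OPTION.
config_value() {
    v=$(sed -n "s/^$1=\([ym]\)\$/\1/p" | head -n 1)
    printf '%s\n' "${v:-n}"
}

# triage RELEASE CONFIG_TEXT -> one label on stdout
triage() {
    release_in_affected_range "$1" || { echo "out-of-range"; return 0; }
    vmap=$(printf '%s\n' "$2" | config_value CONFIG_VMAP_STACK)
    cifs=$(printf '%s\n' "$2" | config_value CONFIG_CIFS)
    [ "$vmap" = y ] || { echo "in-range:no-vmap-stack"; return 0; }
    [ "$cifs" != n ] || { echo "in-range:no-cifs"; return 0; }
    echo "review:confirm-fix"
}

# Live host: config from /boot or /proc/config.gz, whichever exists.
triage_host() {
    rel=$(uname -r)
    if [ -r "/boot/config-$rel" ]; then cfg=$(cat "/boot/config-$rel")
    elif [ -r /proc/config.gz ]; then cfg=$(zcat /proc/config.gz)
    else echo "no-config-found"; return 0; fi
    triage "$rel" "$cfg"
}

# Constructed sample configs (not taken from any real host).
SAMPLE_CONFIG='CONFIG_VMAP_STACK=y
CONFIG_CIFS=m'
SAMPLE_NO_VMAP='# CONFIG_VMAP_STACK is not set
CONFIG_CIFS=y'

triage 4.9.0 "$SAMPLE_CONFIG"
triage 4.9.0-8-amd64 "$SAMPLE_NO_VMAP"
triage 4.9.1 "$SAMPLE_CONFIG"
if [ "${1:-}" = "--host" ]; then triage_host; fi
```

A "review:confirm-fix" result only means the release string and configuration match the conditions in the CVE description; whether the fix is present still has to be confirmed against vendor errata or the upstream commit.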

Evidence notes

The supplied NVD record lists CVE-2016-10154 as Medium with CVSS 3.0 vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and CWE-119. NVD marks Linux kernel 4.9.x as vulnerable and references the upstream fix commit, the Linux 4.9.1 changelog, an oss-security post, a Red Hat bug entry, and a GitHub mirror of the patch. The CVE was published on 2017-02-06. The supplied enrichment data does not mark this CVE as a CISA KEV item.

Official resources

Publicly disclosed in the CVE/NVD record on 2017-02-06; no CISA KEV listing is present in the supplied enrichment data.