[Forgot Password]
Login  Register Subscribe

23631

 
 

124015

 
 

98503

 
 

909

 
 

79321

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-4470

Date: (C)2016-08-25   (M)2017-11-18 


The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

CVSS Score: 4.9Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 6.9Authentication: NONE
 Confidentiality: NONE
 Integrity: NONE
 Availability: COMPLETE





Reference:
SECTRACK-1036763
DSA-3607
RHSA-2016:1532
RHSA-2016:1539
RHSA-2016:1541
RHSA-2016:1657
SUSE-SU-2016:1937
SUSE-SU-2016:1961
SUSE-SU-2016:1985
SUSE-SU-2016:1994
SUSE-SU-2016:1995
SUSE-SU-2016:1998
SUSE-SU-2016:1999
SUSE-SU-2016:2000
SUSE-SU-2016:2001
SUSE-SU-2016:2002
SUSE-SU-2016:2003
SUSE-SU-2016:2005
SUSE-SU-2016:2006
SUSE-SU-2016:2007
SUSE-SU-2016:2009
SUSE-SU-2016:2010
SUSE-SU-2016:2011
SUSE-SU-2016:2014
SUSE-SU-2016:2018
SUSE-SU-2016:2105
USN-3049-1
USN-3050-1
USN-3051-1
USN-3052-1
USN-3053-1
USN-3054-1
USN-3055-1
USN-3056-1
USN-3057-1
http://www.openwall.com/lists/oss-security/2016/06/15/11
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.redhat.com/show_bug.cgi?id=1341716
https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
openSUSE-SU-2016:2184

CPE    8
cpe:/o:oracle:linux:7.0
cpe:/o:oracle:linux:6.0
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/a:redhat:enterprise_mrg:2.0
...
OVAL    38
oval:org.secpod.oval:def:1501530
oval:org.secpod.oval:def:501857
oval:org.secpod.oval:def:203979
oval:org.secpod.oval:def:400806
...

© 2013 SecPod Technologies