
CVE-2016-4470
Date: (C)2016-08-25   (M)2018-06-09


The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 5.5
Exploit Score: 1.8
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 4.9
Exploit Score: 3.9
Impact Score: 6.9

CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECTRACK-1036763
DSA-3607
RHSA-2016:1532
RHSA-2016:1539
RHSA-2016:1541
RHSA-2016:1657
RHSA-2016:2006
RHSA-2016:2074
RHSA-2016:2076
RHSA-2016:2128
RHSA-2016:2133
SUSE-SU-2016:1937
SUSE-SU-2016:1961
SUSE-SU-2016:1985
SUSE-SU-2016:1994
SUSE-SU-2016:1995
SUSE-SU-2016:1998
SUSE-SU-2016:1999
SUSE-SU-2016:2000
SUSE-SU-2016:2001
SUSE-SU-2016:2002
SUSE-SU-2016:2003
SUSE-SU-2016:2005
SUSE-SU-2016:2006
SUSE-SU-2016:2007
SUSE-SU-2016:2009
SUSE-SU-2016:2010
SUSE-SU-2016:2011
SUSE-SU-2016:2014
SUSE-SU-2016:2018
SUSE-SU-2016:2105
USN-3049-1
USN-3050-1
USN-3051-1
USN-3052-1
USN-3053-1
USN-3054-1
USN-3055-1
USN-3056-1
USN-3057-1
http://www.openwall.com/lists/oss-security/2016/06/15/11
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
https://bugzilla.redhat.com/show_bug.cgi?id=1341716
https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
openSUSE-SU-2016:2184

CPE    9
cpe:/o:redhat:enterprise_linux_hpc_node:7.0
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux_workstation:7.0
cpe:/o:redhat:enterprise_linux_desktop:7.0
...
OVAL    38
oval:org.secpod.oval:def:703230
oval:org.secpod.oval:def:703233
oval:org.secpod.oval:def:703229
oval:org.secpod.oval:def:703225
...

© SecPod Technologies