cpe:/o:linux:linux_kernel:4.8.14 CVE-2016-10147 2017-01-18T16:59:00.167-05:00 2018-01-04T21:30:31.527-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2017-01-19T16:53:15.727-05:00 BID 95677 REDHAT RHSA-2017:1842 REDHAT RHSA-2017:2077 MLIST [linux-crypto] 20161202 Crash in crypto mcryptd MLIST [oss-security] 20170117 CVE request -- linux kernel: crash by spawning mcrypt(alg) with incompatible algorithm CONFIRM http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd CONFIRM http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1404200 CONFIRM https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).