Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-8650

Опубликовано: 28 нояб. 2016
Источник: debian
EPSS Низкий

Описание

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
linuxfixed4.8.11-1package
linuxfixed3.16.39-1jessiepackage
linuxnot-affectedwheezypackage

Примечания

  • http://seclists.org/fulldisclosure/2016/Nov/76

  • Proposed fix: https://lkml.org/lkml/2016/11/23/477

  • Fixed by: https://git.kernel.org/linus/f5527fffff3f002b0a6b376163613b82f69de073

  • Introduced by https://git.kernel.org/linus/cdec9cb5167ab1113ba9c58e395f664d9d3f9acb (v3.3-rc1)

  • https://bugzilla.redhat.com/show_bug.cgi?id=1343162 (not yet opened)

EPSS

Процентиль: 13%
0.00045
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-8650

CVSS3: 5.5
ubuntu
больше 8 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

redhat логотип

CVE-2016-8650

CVSS3: 8.8
redhat
больше 8 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

nvd логотип

CVE-2016-8650

CVSS3: 5.5
nvd
больше 8 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

github логотип

GHSA-pjpg-8qgr-gpc5

CVSS3: 5.5
github
около 3 лет назад

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

oracle-oval логотип

ELSA-2016-3651

oracle-oval
больше 8 лет назад

ELSA-2016-3651: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 13%
0.00045
Низкий