CVE-2016-0728

Опубликовано: 08 фев. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Средний

Описание

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Комментарий

CWE-190: Integer Overflow or Wraparound

CWE-416: Use After Free

Ссылки

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
Mailing List
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
Mailing List
Third Party Advisory
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0064.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0065.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0068.html
Third Party Advisory
http://source.android.com/security/bulletin/2016-03-01.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:hp:server_migration_pack:*:*:*:*:*:*:*:*

Версия до 7.5 (включая)

Конфигурация 3

Одно из