Description
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.
It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Statement
This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat MRG 2. Future updates for the respective releases may address this flaw.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | kernel | Not affected | | |
Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2015:2636 | 15.12.2015 |
Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2016:0212 | 16.02.2016 |
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2016:0185 | 16.02.2016 |
Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2016:0224 | 16.02.2016 |
Additional information
Status:
EPSS
7.2 High
CVSS2
Related vulnerabilities
ELSA-2016-3501: Unbreakable Enterprise kernel security update (IMPORTANT)