Description
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Report
This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6. Refer to https://access.redhat.com/node/2131021 for further information.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 4 | kernel | Not affected | | |
Red Hat Enterprise Linux 5 | kernel | Not affected | | |
Red Hat Enterprise Linux 6 | kernel | Not affected | | |
Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2016:0065 | 25.01.2016 |
Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2016:0064 | 25.01.2016 |
Red Hat Enterprise Linux 7.1 Extended Update Support | kernel | Fixed | RHSA-2016:0103 | 02.02.2016 |
Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2016:0068 | 26.01.2016 |
Additional information
Status:
EPSS
7.2 High
CVSS2