Описание
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system.
Отчет
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2016:1051 | 12.05.2016 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2016:1033 | 12.05.2016 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2016:1055 | 12.05.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.2 High
CVSS2
Связанные уязвимости
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 ...
Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
ELSA-2016-1033: kernel security and bug fix update (IMPORTANT)
EPSS
7.2 High
CVSS2