CVE-2016-10147

Опубликовано: 02 дек. 2016

Источник: redhat

CVSS3: 5.5

CVSS2: 4.9

EPSS Низкий

Описание

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5).

Algorithms not compatible with mcryptd could be spawned by mcryptd with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name construct. This causes mcryptd to crash the kernel if an arbitrary "alg" is incompatible and not intended to be used with mcryptd.

Отчет

This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG-2 as the flaw is not present in the products listed.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Fixed	RHSA-2017:2077	01.08.2017
Red Hat Enterprise Linux 7	kernel	Fixed	RHSA-2017:1842	01.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-476

https://bugzilla.redhat.com/show_bug.cgi?id=1404200kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm

EPSS

Процентиль: 24%

0.00076

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2

Связанные уязвимости

CVE-2016-10147

CVSS3: 5.5

ubuntu

больше 8 лет назад

CVE-2016-10147

CVSS3: 5.5

nvd

больше 8 лет назад

CVE-2016-10147

CVSS3: 5.5

debian

больше 8 лет назад

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users ...

GHSA-7g63-chrj-5rq3

CVSS3: 5.5

github

около 3 лет назад

openSUSE-SU-2017:0458-1

suse-cvrf

больше 8 лет назад

Security update for the Linux Kernel

EPSS

Процентиль: 24%

0.00076

Низкий

5.5 Medium

CVSS3

4.9 Medium

CVSS2