CVE-2016-10318

Опубликовано: 08 сент. 2016

Источник: redhat

CVSS3: 4.7

EPSS Низкий

Описание

A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.

A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.

Отчет

This issue does not affect Red Hat Enterprise Linux 5, 6 and 7, MRG and realtime kernels.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	kernel	Not affected
Red Hat Enterprise Linux 6	kernel	Not affected
Red Hat Enterprise Linux 7	kernel	Not affected
Red Hat Enterprise Linux 7	kernel-rt	Not affected
Red Hat Enterprise MRG 2	realtime-kernel	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-266

https://bugzilla.redhat.com/show_bug.cgi?id=1439768kernel: User can assign an encryption policy to a directory owned by a different user

EPSS

Процентиль: 68%

0.00565

Низкий

4.7 Medium

CVSS3

Связанные уязвимости

CVE-2016-10318

CVSS3: 6.5

ubuntu

почти 9 лет назад

CVE-2016-10318

CVSS3: 6.5

nvd

почти 9 лет назад

CVE-2016-10318

CVSS3: 6.5

debian

почти 9 лет назад

A missing authorization check in the fscrypt_process_policy function i ...

GHSA-mcg2-4f7h-vc52

CVSS3: 6.5

github

больше 3 лет назад

ELSA-2017-3659

oracle-oval

около 8 лет назад

ELSA-2017-3659: Unbreakable Enterprise kernel security and bugfix update (IMPORTANT)

EPSS

Процентиль: 68%

0.00565

Низкий

4.7 Medium

CVSS3