Описание
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation.
Отчет
This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and may be addressed in a future update. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix this issue have been shipped now.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2016:2006 | 04.10.2016 |
| Red Hat Enterprise Linux 6.4 Advanced Update Support | kernel | Fixed | RHSA-2016:2133 | 01.11.2016 |
| Red Hat Enterprise Linux 6.5 Advanced Update Support | kernel | Fixed | RHSA-2016:2074 | 18.10.2016 |
| Red Hat Enterprise Linux 6.6 Extended Update Support | kernel | Fixed | RHSA-2016:2128 | 31.10.2016 |
| Red Hat Enterprise Linux 6.7 Extended Update Support | kernel | Fixed | RHSA-2016:2076 | 18.10.2016 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2016:1541 | 02.08.2016 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2016:1539 | 02.08.2016 |
| Red Hat Enterprise Linux 7.1 Extended Update Support | kernel | Fixed | RHSA-2016:1657 | 23.08.2016 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2016:1532 | 02.08.2016 |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
6.9 Medium
CVSS2
Связанные уязвимости
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
The key_reject_and_link function in security/keys/key.c in the Linux k ...
Security update for Linux Kernel Live Patch 14 for SLE 12
Security update for Linux Kernel Live Patch 15 for SLE 12
7.8 High
CVSS3
6.9 Medium
CVSS2