CVE-2016-0728

high-risk
Published 2016-02-08

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Do I need to act?

!
50.8% chance of exploitation in next 30 days
EPSS score — higher than 49% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
2 public exploits available
39277, 40003
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (20)

Affected Vendors

Debian Canonical Hp Linux Google

References (84)

Vendor Advisory http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567f...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.h...
Mailing List http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.ht...
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
Third Party Advisory http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kerne...
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0064.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0065.html
Third Party Advisory http://rhn.redhat.com/errata/RHSA-2016-0068.html
Vendor Advisory http://source.android.com/security/bulletin/2016-03-01.html
and 64 more references
65
/ 100
high-risk
Severity 24/34 · High
Exploitability 18/34 · Moderate
Exposure 23/34 · High