CVE-2016-2053

low-risk

Published 2016-05-02

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

LOCAL / HIGH complexity

Affected Products (1)

Linux Kernel

Affected Vendors

Linux

References (56)

Vendor Advisory http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html

and 36 more references

/ 100

low-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal