Linux Kernel Vulnerability in Key Management by Linux Foundation
CVE-2016-4470

5.5MEDIUM

Key Information:

Vendor
Oracle
Status
Vm Server
Vendor
CVE Published:
27 June 2016

Summary

The Linux kernel's key management subsystem contains a vulnerability in the key_reject_and_link function, specifically in the way it initializes certain data structures. This flaw can be exploited by local users via crafted keyctl request2 commands, potentially leading to a denial of service by causing the system to crash.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.