Linux Kernel Vulnerability in Key Management by Linux Foundation
CVE-2016-4470

5.5MEDIUM

Key Information:

Vendor: Oracle
Status: Vm Server
Vendor: CVE Published:; 27 June 2016

🔔 Create Oracle Vulnerability Alert

What is CVE-2016-4470?

The Linux kernel's key management subsystem contains a vulnerability in the key_reject_and_link function, specifically in the way it initializes certain data structures. This flaw can be exploited by local users via crafted keyctl request2 commands, potentially leading to a denial of service by causing the system to crash.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...

x_refsource_CONFIRM

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2016...

vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2016
Vulnerability Reserved
May 2, 2016

.

CVE-2016-4470 : Linux Kernel Vulnerability in Key Management by Linux Foundation