The join_session_keyring function in security/keys/process_keys.c in the Linux kernel prior to 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Vulnerable Product |
---|
google android 5.1.0 |
google android 4.2 |
google android 4.1 |
google android 5.0.2 |
google android 6.0.1 |
google android 6.0 |
google android 4.0.2 |
google android 4.4.3 |
google android 4.0.4 |
google android 4.3 |
google android 4.0.1 |
google android 4.2.1 |
google android 5.0.1 |
google android 5.0 |
google android 4.0.3 |
google android 4.0 |
google android 4.4 |
google android 4.4.1 |
google android 5.1.1 |
google android 4.2.2 |
google android 4.3.1 |
google android 4.4.2 |
google android 5.1 |
google android 4.1.2 |
hp server migration pack |
linux linux kernel |
debian debian linux 8.0 |
canonical ubuntu linux 15.10 |
canonical ubuntu linux 15.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 12.04 |

Step 2: ??? Step 3: /#
Oh look, it's another Linux kernel bug that allows a local user to escalate themselves to root. In exploiting CVE-2016-0728, discovered by Perception Point, “patience you must have,” because you have to cycle a 32-bit integer in the kernel around to zero. That means making 4,294,967,296 system calls to exploit the vulnerability. Patches have been issued for affected distributions, which nixCraft lists as: So, get updating your systems. The problem exists in kernels compiled with the Kernel K...