Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv3

CVE-2016-8650

Published: 28/11/2016 Updated: 12/02/2023
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Linux Kernel

Vulnerability Summary

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel up to and including 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

Vendor Advisories

Debian CVElist Bug Report Logs: linux-image-3.16.0-4-686-pae: chown removes security.capability xattr on other users' files (CVE-2015-1350)
Debian Bug report logs - #770492 linux-image-3160-4-686-pae: chown removes securitycapability xattr on other users' files (CVE-2015-1350) Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Affects: wireshark-common, iputils-ping, fping Reported by: Ben Harris <bjh21@cama ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (C ...
Red Hat: Important: kernel security and bug fix update
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...
Red Hat: Important: kernel security, bug fix, and enhancement update
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impactof Important A Common Vulnerability Scoring Sy ...
Red Hat: Important: kernel-rt security and bug fix update
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel-rt is now available for Red Hat Enterprise MRG 2Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVS ...
Ubuntu Security Notice: linux-lts-trusty vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: linux vulnerabilities
Several security issues were fixed in the Linux kernel ...
Amazon Linux AMI: ALAS-2017-782
A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key This flaw panics the machine during the verification of the RSA key (CVE-2016-8650) The blk_rq_map_user_iov function in block/blk-ma ...
Red Hat: CVE-2016-8650
A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key This flaw panics the machine during the verification of the RSA key ...

Github Repositories

https://github.com/RUB-SysSec/kAFL

Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Blazing fast x86-64 VM kernel fuzzing framework with performant VM reloads for Linux, MacOS and Windows Published at USENIX Security 2017 Currently missing: full documentation agents for macOS and Windows (except for our test driver) BibTex: @inproceedings{schumilo2017kafl, author = {Schumilo, Sergej and Aschermann

References

CWE-20CWE-399https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073http://www.openwall.com/lists/oss-security/2016/11/24/8http://seclists.org/fulldisclosure/2016/Nov/76https://bugzilla.redhat.com/show_bug.cgi?id=1395187http://www.securityfocus.com/bid/94532https://source.android.com/security/bulletin/2017-03-01.htmlhttp://www.securitytracker.com/id/1037968https://access.redhat.com/errata/RHSA-2017:0933https://access.redhat.com/errata/RHSA-2017:0932https://access.redhat.com/errata/RHSA-2017:0931https://access.redhat.com/errata/RHSA-2018:1854https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770492https://nvd.nist.govhttps://github.com/RUB-SysSec/kAFLhttps://usn.ubuntu.com/3422-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook