CVE-2016-0728 - Vulnerability Details

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Google	Android
Hp	Server Migration Pack
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Mrg Rhel Eus Rhel Extras Rt

Configuration 1 [-]

OR	cpe:2.3:o:google:android:4.0:::::::*
	cpe:2.3:o:google:android:4.0.1:::::::*
	cpe:2.3:o:google:android:4.0.2:::::::*
	cpe:2.3:o:google:android:4.0.3:::::::*
	cpe:2.3:o:google:android:4.0.4:::::::*
	cpe:2.3:o:google:android:4.1:::::::*
	cpe:2.3:o:google:android:4.1.2:::::::*
	cpe:2.3:o:google:android:4.2:::::::*
	cpe:2.3:o:google:android:4.2.1:::::::*
	cpe:2.3:o:google:android:4.2.2:::::::*
	cpe:2.3:o:google:android:4.3:::::::*
	cpe:2.3:o:google:android:4.3.1:::::::*
	cpe:2.3:o:google:android:4.4:::::::*
	cpe:2.3:o:google:android:4.4.1:::::::*
	cpe:2.3:o:google:android:4.4.2:::::::*
	cpe:2.3:o:google:android:4.4.3:::::::*
	cpe:2.3:o:google:android:5.0:::::::*
	cpe:2.3:o:google:android:5.0.1:::::::*
	cpe:2.3:o:google:android:5.0.2:::::::*
	cpe:2.3:o:google:android:5.1:::::::*
	cpe:2.3:o:google:android:5.1.0:::::::*
	cpe:2.3:o:google:android:5.1.1:::::::*
	cpe:2.3:o:google:android:6.0:::::::*
	cpe:2.3:o:google:android:6.0.1:::::::*

Configuration 2 [-]

cpe:2.3:a:hp:server_migration_pack:*:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-327.4.5.rt56.206.el7_2	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2016:0065	2016-01-25T00:00:00Z
kernel-0:3.10.0-327.4.5.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:0064	2016-01-25T00:00:00Z
Red Hat Enterprise Linux 7.1 Extended Update Support
kernel-0:3.10.0-229.26.2.ael7b	cpe:/o:redhat:rhel_eus:7.1	RHSA-2016:0103	2016-02-02T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-327.rt56.170.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2016:0068	2016-01-26T00:00:00Z

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
http://rhn.redhat.com/errata/RHSA-2016-0064.html
http://rhn.redhat.com/errata/RHSA-2016-0065.html
http://rhn.redhat.com/errata/RHSA-2016-0068.html
http://source.android.com/security/bulletin/2016-03-01.html
http://www.debian.org/security/2016/dsa-3448
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
http://www.openwall.com/lists/oss-security/2016/01/19/2
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/81054
http://www.securitytracker.com/id/1034701
http://www.ubuntu.com/usn/USN-2870-1
http://www.ubuntu.com/usn/USN-2870-2
http://www.ubuntu.com/usn/USN-2871-1
http://www.ubuntu.com/usn/USN-2871-2
http://www.ubuntu.com/usn/USN-2872-1
http://www.ubuntu.com/usn/USN-2872-2
http://www.ubuntu.com/usn/USN-2872-3
http://www.ubuntu.com/usn/USN-2873-1
https://access.redhat.com/node/2131021
https://bto.bluecoat.com/security-advisory/sa112
https://bugzilla.redhat.com/show_bug.cgi?id=1297475
https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://nvd.nist.gov/vuln/detail/CVE-2016-0728
https://security.netapp.com/advisory/ntap-20160211-0001/
https://www.cve.org/CVERecord?id=CVE-2016-0728
https://www.exploit-db.com/exploits/39277/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-02-08T02:00:00

Updated: 2024-08-05T22:30:03.960Z

Reserved: 2015-12-16T00:00:00

Link: CVE-2016-0728

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-02-08T03:59:10.887

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-0728

Redhat

Severity : Important

Publid Date: 2016-01-19T00:00:00Z

Links: CVE-2016-0728 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-11-09T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "1034701", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034701"}, {"name": "SUSE-SU-2016:0750", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html"}, {"name": "USN-2871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2871-1"}, {"name": "RHSA-2016:0068", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"}, {"name": "SUSE-SU-2016:0205", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html"}, {"name": "USN-2870-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2870-2"}, {"name": "SUSE-SU-2016:0751", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html"}, {"name": "USN-2872-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2872-3"}, {"name": "SUSE-SU-2016:0747", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"}, {"name": "SUSE-SU-2016:0755", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html"}, {"name": "USN-2872-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2872-1"}, {"tags": ["x_refsource_MISC"], "url": "http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"}, {"name": "SUSE-SU-2016:0757", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html"}, {"name": "USN-2871-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2871-2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"name": "SUSE-SU-2016:0753", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"}, {"name": "39277", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39277/"}, {"name": "FEDORA-2016-b59fd603be", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"name": "SUSE-SU-2016:0746", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"name": "81054", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/81054"}, {"name": "USN-2873-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2873-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297475"}, {"name": "FEDORA-2016-5d43766e33", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"}, {"name": "SUSE-SU-2016:0745", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html"}, {"name": "RHSA-2016:0065", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0065.html"}, {"name": "USN-2870-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2870-1"}, {"name": "SUSE-SU-2016:0756", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa112"}, {"name": "USN-2872-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2872-2"}, {"name": "DSA-3448", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3448"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20160211-0001/"}, {"name": "RHSA-2016:0064", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0064.html"}, {"name": "HPSBHF03436", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"}, {"name": "SUSE-SU-2016:0752", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html"}, {"name": "SUSE-SU-2016:0341", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html"}, {"name": "[oss-security] 20160119 Linux kernel: use after free in keyring facility.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:30:03.960Z"}, "title": "CVE Program Container", "references": [{"name": "1034701", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034701"}, {"name": "SUSE-SU-2016:0750", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html"}, {"name": "USN-2871-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2871-1"}, {"name": "RHSA-2016:0068", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"}, {"name": "SUSE-SU-2016:0205", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html"}, {"name": "USN-2870-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2870-2"}, {"name": "SUSE-SU-2016:0751", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html"}, {"name": "USN-2872-3", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2872-3"}, {"name": "SUSE-SU-2016:0747", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"}, {"name": "SUSE-SU-2016:0755", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html"}, {"name": "USN-2872-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2872-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"}, {"name": "SUSE-SU-2016:0757", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html"}, {"name": "USN-2871-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2871-2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"name": "SUSE-SU-2016:0753", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"}, {"name": "39277", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39277/"}, {"name": "FEDORA-2016-b59fd603be", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"name": "SUSE-SU-2016:0746", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"name": "81054", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/81054"}, {"name": "USN-2873-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2873-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297475"}, {"name": "FEDORA-2016-5d43766e33", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"}, {"name": "SUSE-SU-2016:0745", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html"}, {"name": "RHSA-2016:0065", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0065.html"}, {"name": "USN-2870-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2870-1"}, {"name": "SUSE-SU-2016:0756", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa112"}, {"name": "USN-2872-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2872-2"}, {"name": "DSA-3448", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3448"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20160211-0001/"}, {"name": "RHSA-2016:0064", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0064.html"}, {"name": "HPSBHF03436", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"}, {"name": "SUSE-SU-2016:0752", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html"}, {"name": "SUSE-SU-2016:0341", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html"}, {"name": "[oss-security] 20160119 Linux kernel: use after free in keyring facility.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0728", "datePublished": "2016-02-08T02:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:03.960Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*", "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": true}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:server_migration_pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90CE198-631E-4931-9349-0287783B78BC", "versionEndIncluding": "7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBA7B5CE-5867-4F25-9513-DB28B00EA345", "versionEndExcluding": "3.10.95", "versionStartIncluding": "3.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7AF3AA1-D6B8-4473-A781-740F7AC7A81F", "versionEndExcluding": "3.12.53", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8AC651B-877B-40A1-B0FB-E13C039FBBCF", "versionEndExcluding": "3.14.59", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08", "versionEndExcluding": "3.16.35", "versionStartIncluding": "3.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "152B915A-F9A5-4DB5-B0B3-DBF5F092773B", "versionEndExcluding": "3.18.26", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F829E177-AAF1-4509-964D-48DA8AE2C8BC", "versionEndExcluding": "4.1.16", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6B89F94-302A-4313-8FE5-E3C43BD4271E", "versionEndExcluding": "4.3.4", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5E05934-78CB-49ED-A2B3-1B4CBCB648AB", "versionEndExcluding": "4.4.1", "versionStartIncluding": "4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands."}, {"lang": "es", "value": "La funci\u00f3n join_session_keyring en security/keys/process_keys.c en el kernel de Linux en versiones anteriores a 4.4.1 no maneja correctamente referencias a objetos en un cierto caso de error, lo que permite a usuarios locales obtener privilegios o provocar una denegaci\u00f3n de servicio (desbordamiento de entero y uso despu\u00e9s de liberaci\u00f3n) a trav\u00e9s de comandos keyctl manipulados."}], "evaluatorComment": "CWE-190: Integer Overflow or Wraparound \n\nCWE-416: Use After Free", "id": "CVE-2016-0728", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-08T03:59:10.887", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0064.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0065.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3448"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/81054"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034701"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2870-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2870-2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2871-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2871-2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2872-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2872-2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2872-3"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2873-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa112"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297475"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20160211-0001/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39277/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0064.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0065.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-0068.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://source.android.com/security/bulletin/2016-03-01.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/01/19/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/81054"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1034701"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2870-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2870-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2871-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2871-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2872-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2872-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2872-3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2873-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bto.bluecoat.com/security-advisory/sa112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297475"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20160211-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39277/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Perception Point research team for reporting this issue.", "affected_release": [{"advisory": "RHSA-2016:0065", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-327.4.5.rt56.206.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-01-25T00:00:00Z"}, {"advisory": "RHSA-2016:0064", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-327.4.5.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-01-25T00:00:00Z"}, {"advisory": "RHSA-2016:0103", "cpe": "cpe:/o:redhat:rhel_eus:7.1", "package": "kernel-0:3.10.0-229.26.2.ael7b", "product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support", "release_date": "2016-02-02T00:00:00Z"}, {"advisory": "RHSA-2016:0068", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-327.rt56.170.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2016-01-26T00:00:00Z"}], "bugzilla": {"description": "kernel: Possible use-after-free vulnerability in keyring facility", "id": "1297475", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1297475"}, "csaw": true, "cvss": {"cvss_base_score": "7.2", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-416", "details": ["The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.", "A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system."], "name": "CVE-2016-0728", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2016-01-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-0728\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0728\nhttps://access.redhat.com/node/2131021"], "statement": "This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6. \nRefer to https://access.redhat.com/node/2131021 for further information.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object