CVE-2016-4470 - Vulnerability Details

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Novell	Suse Linux Enterprise Real Time Extension
Oracle	Linux Vm Server
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux For Real Time Enterprise Linux Hpc Node Enterprise Linux Hpc Node Eus Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Eus Enterprise Linux Workstation Enterprise Mrg Rhel Aus Rhel Eus Rhel Extras Rt

Configuration 1 [-]

OR	cpe:2.3:o:oracle:vm_server:3.3:::::::*
	cpe:2.3:o:oracle:vm_server:3.4:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:oracle:linux:5.0:::::::*
	cpe:2.3:o:oracle:linux:6:::::::*
	cpe:2.3:o:oracle:linux:7:::::::*

Configuration 3 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_mrg:2.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-642.6.1.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2016:2006	2016-10-04T00:00:00Z
Red Hat Enterprise Linux 6.4 Advanced Update Support
kernel-0:2.6.32-358.75.1.el6	cpe:/o:redhat:rhel_aus:6.4	RHSA-2016:2133	2016-11-01T00:00:00Z
Red Hat Enterprise Linux 6.5 Advanced Update Support
kernel-0:2.6.32-431.74.1.el6	cpe:/o:redhat:rhel_aus:6.5	RHSA-2016:2074	2016-10-18T00:00:00Z
Red Hat Enterprise Linux 6.6 Extended Update Support
kernel-0:2.6.32-504.54.1.el6	cpe:/o:redhat:rhel_eus:6.6	RHSA-2016:2128	2016-10-31T00:00:00Z
Red Hat Enterprise Linux 6.7 Extended Update Support
kernel-0:2.6.32-573.35.1.el6	cpe:/o:redhat:rhel_eus:6.7	RHSA-2016:2076	2016-10-18T00:00:00Z
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-327.28.2.rt56.234.el7_2	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2016:1541	2016-08-02T00:00:00Z
kernel-0:3.10.0-327.28.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2016:1539	2016-08-02T00:00:00Z
Red Hat Enterprise Linux 7.1 Extended Update Support
kernel-0:3.10.0-229.40.1.ael7b	cpe:/o:redhat:rhel_eus:7.1	RHSA-2016:1657	2016-08-23T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-1:3.10.0-327.rt56.194.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2016:1532	2016-08-02T00:00:00Z

References

Link	Providers
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
http://rhn.redhat.com/errata/RHSA-2016-1532.html
http://rhn.redhat.com/errata/RHSA-2016-1539.html
http://rhn.redhat.com/errata/RHSA-2016-1541.html
http://rhn.redhat.com/errata/RHSA-2016-1657.html
http://rhn.redhat.com/errata/RHSA-2016-2006.html
http://rhn.redhat.com/errata/RHSA-2016-2074.html
http://rhn.redhat.com/errata/RHSA-2016-2076.html
http://rhn.redhat.com/errata/RHSA-2016-2128.html
http://rhn.redhat.com/errata/RHSA-2016-2133.html
http://www.debian.org/security/2016/dsa-3607
http://www.openwall.com/lists/oss-security/2016/06/15/11
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securitytracker.com/id/1036763
http://www.ubuntu.com/usn/USN-3049-1
http://www.ubuntu.com/usn/USN-3050-1
http://www.ubuntu.com/usn/USN-3051-1
http://www.ubuntu.com/usn/USN-3052-1
http://www.ubuntu.com/usn/USN-3053-1
http://www.ubuntu.com/usn/USN-3054-1
http://www.ubuntu.com/usn/USN-3055-1
http://www.ubuntu.com/usn/USN-3056-1
http://www.ubuntu.com/usn/USN-3057-1
https://bugzilla.redhat.com/show_bug.cgi?id=1341716
https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
https://nvd.nist.gov/vuln/detail/CVE-2016-4470
https://www.cve.org/CVERecord?id=CVE-2016-4470

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2016-06-27T10:00:00

Updated: 2024-08-06T00:32:25.328Z

Reserved: 2016-05-02T00:00:00

Link: CVE-2016-4470

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2016-06-27T10:59:08.720

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-4470

Redhat

Severity : Important

Publid Date: 2016-06-15T00:00:00Z

Links: CVE-2016-4470 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-15T00:00:00", "descriptions": [{"lang": "en", "value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-04T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "SUSE-SU-2016:2010", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"}, {"name": "SUSE-SU-2016:2011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"}, {"name": "USN-3054-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3054-1"}, {"name": "SUSE-SU-2016:2003", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"}, {"name": "RHSA-2016:1657", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"}, {"name": "SUSE-SU-2016:1994", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"name": "USN-3051-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3051-1"}, {"name": "RHSA-2016:2128", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"}, {"name": "SUSE-SU-2016:1961", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"}, {"name": "RHSA-2016:2133", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"name": "SUSE-SU-2016:2001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"}, {"name": "SUSE-SU-2016:1985", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "USN-3053-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"name": "openSUSE-SU-2016:2184", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"name": "SUSE-SU-2016:1998", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"}, {"name": "USN-3055-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3055-1"}, {"name": "SUSE-SU-2016:2006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"}, {"name": "USN-3056-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3056-1"}, {"name": "USN-3052-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3052-1"}, {"name": "USN-3049-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3049-1"}, {"name": "RHSA-2016:1541", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"}, {"name": "SUSE-SU-2016:2014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"}, {"name": "SUSE-SU-2016:2018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "RHSA-2016:1539", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"}, {"name": "1036763", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1036763"}, {"name": "RHSA-2016:1532", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"}, {"name": "RHSA-2016:2006", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"}, {"name": "SUSE-SU-2016:2009", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"}, {"name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"}, {"name": "USN-3050-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3050-1"}, {"name": "SUSE-SU-2016:2005", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"}, {"name": "SUSE-SU-2016:2007", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"}, {"name": "SUSE-SU-2016:1999", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"}, {"name": "SUSE-SU-2016:2000", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"}, {"name": "RHSA-2016:2076", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"}, {"name": "USN-3057-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3057-1"}, {"name": "SUSE-SU-2016:1995", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"}, {"name": "RHSA-2016:2074", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"}, {"name": "SUSE-SU-2016:2105", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"name": "SUSE-SU-2016:2002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"}, {"name": "SUSE-SU-2016:1937", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T00:32:25.328Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "SUSE-SU-2016:2010", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"}, {"name": "SUSE-SU-2016:2011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"}, {"name": "USN-3054-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3054-1"}, {"name": "SUSE-SU-2016:2003", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"}, {"name": "RHSA-2016:1657", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"}, {"name": "SUSE-SU-2016:1994", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"name": "USN-3051-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3051-1"}, {"name": "RHSA-2016:2128", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"}, {"name": "SUSE-SU-2016:1961", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"}, {"name": "RHSA-2016:2133", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"name": "SUSE-SU-2016:2001", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"}, {"name": "SUSE-SU-2016:1985", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"name": "USN-3053-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"name": "openSUSE-SU-2016:2184", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"name": "SUSE-SU-2016:1998", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"}, {"name": "USN-3055-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3055-1"}, {"name": "SUSE-SU-2016:2006", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"}, {"name": "USN-3056-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3056-1"}, {"name": "USN-3052-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3052-1"}, {"name": "USN-3049-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3049-1"}, {"name": "RHSA-2016:1541", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"}, {"name": "SUSE-SU-2016:2014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"}, {"name": "SUSE-SU-2016:2018", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"}, {"name": "DSA-3607", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3607"}, {"name": "RHSA-2016:1539", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"}, {"name": "1036763", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1036763"}, {"name": "RHSA-2016:1532", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"}, {"name": "RHSA-2016:2006", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"}, {"name": "SUSE-SU-2016:2009", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"}, {"name": "[oss-security] 20160615 CVE-2016-4470: Linux kernel Uninitialized variable in request_key handling user controlled kfree().", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"}, {"name": "USN-3050-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3050-1"}, {"name": "SUSE-SU-2016:2005", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"}, {"name": "SUSE-SU-2016:2007", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"}, {"name": "SUSE-SU-2016:1999", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"}, {"name": "SUSE-SU-2016:2000", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"}, {"name": "RHSA-2016:2076", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"}, {"name": "USN-3057-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3057-1"}, {"name": "SUSE-SU-2016:1995", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"}, {"name": "RHSA-2016:2074", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"}, {"name": "SUSE-SU-2016:2105", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"name": "SUSE-SU-2016:2002", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"}, {"name": "SUSE-SU-2016:1937", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-4470", "datePublished": "2016-06-27T10:00:00", "dateReserved": "2016-05-02T00:00:00", "dateUpdated": "2024-08-06T00:32:25.328Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2D62B2C-40E5-41B7-9DAA-029BCD079054", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BA58099-26F7-4B01-B9FC-275F012FE9C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3CCD459-9E6D-4731-8054-CDF8B58454A9", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", "matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13", "vulnerable": true}, {"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", "matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC099084-12C9-4396-ABC7-F389CFAD871E", "versionEndIncluding": "4.6.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "B2905A9C-3E00-4188-8341-E5C2F62EF405", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "1BA3C94F-5FA1-4805-A3EC-6E27AE9AB10C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C84489B-B08C-4854-8A12-D01B6E45CF79", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "079318CC-8A10-401B-8BC9-8CD28C3F1797", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "1C8D871B-AEA1-4407-AEE3-47EC782250FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command."}, {"lang": "es", "value": "La funci\u00f3n key_reject_and_link en security/keys/key.c en el kernel de Linux hasta la versi\u00f3n 4.6.3 no asegura que cierta estructura de datos est\u00e9 inicializada, lo que permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de vectores involucrando un comando keyctl request2 manipulado."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\">CWE-416: Use After Free</a>", "id": "CVE-2016-4470", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-06-27T10:59:08.720", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1036763"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3049-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3050-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3051-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3052-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3054-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3055-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3056-1"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-3057-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1532.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1539.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1541.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1657.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2074.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2076.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2128.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2133.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2016/dsa-3607"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/06/15/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1036763"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3049-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3050-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3051-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3052-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3053-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3054-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3055-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3056-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-3057-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by David Howells (Red Hat).", "affected_release": [{"advisory": "RHSA-2016:2006", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-642.6.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2016-10-04T00:00:00Z"}, {"advisory": "RHSA-2016:2133", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "kernel-0:2.6.32-358.75.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2016-11-01T00:00:00Z"}, {"advisory": "RHSA-2016:2074", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "kernel-0:2.6.32-431.74.1.el6", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2016-10-18T00:00:00Z"}, {"advisory": "RHSA-2016:2128", "cpe": "cpe:/o:redhat:rhel_eus:6.6", "package": "kernel-0:2.6.32-504.54.1.el6", "product_name": "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date": "2016-10-31T00:00:00Z"}, {"advisory": "RHSA-2016:2076", "cpe": "cpe:/o:redhat:rhel_eus:6.7", "package": "kernel-0:2.6.32-573.35.1.el6", "product_name": "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date": "2016-10-18T00:00:00Z"}, {"advisory": "RHSA-2016:1541", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-327.28.2.rt56.234.el7_2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-08-02T00:00:00Z"}, {"advisory": "RHSA-2016:1539", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-327.28.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-08-02T00:00:00Z"}, {"advisory": "RHSA-2016:1657", "cpe": "cpe:/o:redhat:rhel_eus:7.1", "package": "kernel-0:3.10.0-229.40.1.ael7b", "product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support", "release_date": "2016-08-23T00:00:00Z"}, {"advisory": "RHSA-2016:1532", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-327.rt56.194.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2016-08-02T00:00:00Z"}], "bugzilla": {"description": "kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path", "id": "1341716", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341716"}, "csaw": false, "cvss": {"cvss_base_score": "6.9", "cvss_scoring_vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-253", "details": ["The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", "A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation."], "name": "CVE-2016-4470", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:rhel_eus:6.2", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux Extended Update Support 6.2"}], "public_date": "2016-06-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-4470\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4470"], "statement": "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and may be addressed in a future update.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix\nthis issue have been shipped now.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object