CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Severity
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Atk. Vector
LOCAL
Atk. Complexity
LOW
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
googleandroid
4.0
googleandroid
4.0.1
googleandroid
4.0.2
googleandroid
4.0.3
googleandroid
4.0.4
googleandroid
4.1
googleandroid
4.1.2
googleandroid
4.2
googleandroid
4.2.1
googleandroid
4.2.2
googleandroid
4.3
googleandroid
4.3.1
googleandroid
4.4
googleandroid
4.4.1
googleandroid
4.4.2
googleandroid
4.4.3
googleandroid
5.0
googleandroid
5.0.1
googleandroid
5.0.2
googleandroid
5.1
googleandroid
5.1.0
googleandroid
5.1.1
googleandroid
6.0
googleandroid
6.0.1
hpserver_migration_pack
𝑥
≤ 7.5
linuxlinux_kernel
3.8 ≤
𝑥
< 3.10.95
linuxlinux_kernel
3.11 ≤
𝑥
< 3.12.53
linuxlinux_kernel
3.13 ≤
𝑥
< 3.14.59
linuxlinux_kernel
3.15 ≤
𝑥
< 3.16.35
linuxlinux_kernel
3.17 ≤
𝑥
< 3.18.26
linuxlinux_kernel
3.19 ≤
𝑥
< 4.1.16
linuxlinux_kernel
4.2 ≤
𝑥
< 4.3.4
linuxlinux_kernel
4.4 ≤
𝑥
< 4.4.1
debiandebian_linux
8.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.04
canonicalubuntu_linux
15.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
wheezy
not-affected
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
trixie
6.11.5-1
fixed
sid
6.11.6-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
yakkety
not-affected
xenial
not-affected
wily
Fixed 4.2.0-25.30
released
vivid
Fixed 3.19.0-47.53
released
trusty
Fixed 3.13.0-76.120
released
precise
not-affected
linux-armadaxp
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
not-affected
linux-aws
yakkety
dne
xenial
not-affected
trusty
not-affected
precise
dne
linux-flo
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
trusty
dne
precise
dne
linux-fsl-imx51
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
dne
linux-gke
yakkety
dne
xenial
not-affected
trusty
dne
precise
dne
linux-goldfish
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
trusty
dne
precise
dne
linux-grouper
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
dne
linux-hwe
yakkety
dne
xenial
not-affected
trusty
dne
precise
dne
linux-hwe-edge
yakkety
dne
xenial
not-affected
trusty
dne
precise
dne
linux-linaro-omap
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
linux-linaro-shared
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
linux-linaro-vexpress
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
linux-lts-quantal
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
linux-lts-raring
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
linux-lts-saucy
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
linux-lts-trusty
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
Fixed 3.13.0-76.120~precise1
released
linux-lts-utopic
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
Fixed 3.16.0-59.79~14.04.1
released
precise
dne
linux-lts-vivid
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
Fixed 3.19.0-47.53~14.04.1
released
precise
dne
linux-lts-wily
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
Fixed 4.2.0-25.30~14.04.1
released
precise
dne
linux-lts-xenial
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
not-affected
precise
dne
linux-maguro
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
dne
linux-mako
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
not-affected
trusty
dne
precise
dne
linux-manta
yakkety
dne
xenial
dne
wily
not-affected
vivid
not-affected
trusty
dne
precise
dne
linux-qcm-msm
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
linux-raspi2
yakkety
not-affected
xenial
not-affected
wily
Fixed 4.2.0-1020.27
released
vivid
dne
trusty
dne
precise
dne
linux-snapdragon
yakkety
not-affected
xenial
not-affected
wily
dne
trusty
dne
precise
dne
linux-ti-omap4
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
not-affected
References