7.8

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version4.0
GoogleAndroid Version4.0.1
GoogleAndroid Version4.0.2
GoogleAndroid Version4.0.3
GoogleAndroid Version4.0.4
GoogleAndroid Version4.1
GoogleAndroid Version4.1.2
GoogleAndroid Version4.2
GoogleAndroid Version4.2.1
GoogleAndroid Version4.2.2
GoogleAndroid Version4.3
GoogleAndroid Version4.3.1
GoogleAndroid Version4.4
GoogleAndroid Version4.4.1
GoogleAndroid Version4.4.2
GoogleAndroid Version4.4.3
GoogleAndroid Version5.0
GoogleAndroid Version5.0.1
GoogleAndroid Version5.0.2
GoogleAndroid Version5.1
GoogleAndroid Version5.1.0
GoogleAndroid Version5.1.1
GoogleAndroid Version6.0
GoogleAndroid Version6.0.1
HpServer Migration Pack Version <= 7.5
LinuxLinux Kernel Version >= 3.8 < 3.10.95
LinuxLinux Kernel Version >= 3.11 < 3.12.53
LinuxLinux Kernel Version >= 3.13 < 3.14.59
LinuxLinux Kernel Version >= 3.15 < 3.16.35
LinuxLinux Kernel Version >= 3.17 < 3.18.26
LinuxLinux Kernel Version >= 3.19 < 4.1.16
LinuxLinux Kernel Version >= 4.2 < 4.3.4
LinuxLinux Kernel Version >= 4.4 < 4.4.1
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version15.04
CanonicalUbuntu Linux Version15.10
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.65% 0.881
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0068.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html
Third Party Advisory
Mailing List
http://www.debian.org/security/2016/dsa-3448
Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html
Third Party Advisory
Mailing List
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
Third Party Advisory
Mailing List
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0064.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0065.html
Third Party Advisory
http://source.android.com/security/bulletin/2016-03-01.html
Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/01/19/2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/81054
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1034701
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2870-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2870-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-2871-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2871-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-2872-1
Third Party Advisory
http://www.ubuntu.com/usn/USN-2872-2
Third Party Advisory
http://www.ubuntu.com/usn/USN-2872-3
Third Party Advisory
http://www.ubuntu.com/usn/USN-2873-1
Third Party Advisory
https://bto.bluecoat.com/security-advisory/sa112
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1297475
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
Third Party Advisory
https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265
Third Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
Third Party Advisory
https://security.netapp.com/advisory/ntap-20160211-0001/
Third Party Advisory
https://www.exploit-db.com/exploits/39277/
Third Party Advisory
VDB Entry