5.5
CVE-2016-8650
- EPSS 0.41%
- Veröffentlicht 28.11.2016 03:59:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 4.8.11
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.322 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.securitytracker.com/id/1037968
https://source.android.com/security/bulletin/2017-03-01.html
https://access.redhat.com/errata/RHSA-2018:1854
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073
http://seclists.org/fulldisclosure/2016/Nov/76
http://www.openwall.com/lists/oss-security/2016/11/24/8
http://www.securityfocus.com/bid/94532
https://access.redhat.com/errata/RHSA-2017:0931
https://access.redhat.com/errata/RHSA-2017:0932
https://access.redhat.com/errata/RHSA-2017:0933
https://bugzilla.redhat.com/show_bug.cgi?id=1395187
https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073