5.5

CVE-2016-8650

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 4.8.11
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.41% 0.322
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securitytracker.com/id/1037968
https://source.android.com/security/bulletin/2017-03-01.html
https://access.redhat.com/errata/RHSA-2018:1854
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073
Patch
Vendor Advisory
Issue Tracking
http://seclists.org/fulldisclosure/2016/Nov/76
Mailing List
http://www.openwall.com/lists/oss-security/2016/11/24/8
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/94532
https://access.redhat.com/errata/RHSA-2017:0931
https://access.redhat.com/errata/RHSA-2017:0932
https://access.redhat.com/errata/RHSA-2017:0933
https://bugzilla.redhat.com/show_bug.cgi?id=1395187
Issue Tracking
https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073
Patch
Third Party Advisory
Issue Tracking