CVE-2016-4470
First published: Wed Jun 01 2016(Updated: )
A local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem. The key_reject_and_link() function contains an error in which a key-lookup can fail and in an attempt to cache the failed lookup may attempt to free memory which can still be in use. This could crash the system or at worse free a memory block which would then be re-used by another kernel mechanism causing a user after free. Product bug: <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=1341352">https://bugzilla.redhat.com/show_bug.cgi?id=1341352</a> Upstream patch: <a href="https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html">https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle VM Server | =3.3 | |
| Oracle VM Server | =3.4 | |
| Oracle Linux | =5.0 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Linux Linux kernel | <=4.6.3 | |
| Novell Suse Linux Enterprise Real Time Extension | =12.0-sp1 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux For Real Time | =7.0 | |
| Redhat Enterprise Linux Hpc Node | =7.0 | |
| Redhat Enterprise Linux Hpc Node Eus | =7.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.2 | |
| Redhat Enterprise Linux Server Eus | =7.2 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Redhat Enterprise Mrg | =2.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html
- http://rhn.redhat.com/errata/RHSA-2016-1532.html
- http://rhn.redhat.com/errata/RHSA-2016-1539.html
- http://rhn.redhat.com/errata/RHSA-2016-1541.html
- http://rhn.redhat.com/errata/RHSA-2016-1657.html
- http://rhn.redhat.com/errata/RHSA-2016-2006.html
- http://rhn.redhat.com/errata/RHSA-2016-2074.html
- http://rhn.redhat.com/errata/RHSA-2016-2076.html
- http://rhn.redhat.com/errata/RHSA-2016-2128.html
- http://rhn.redhat.com/errata/RHSA-2016-2133.html
- http://www.debian.org/security/2016/dsa-3607
- http://www.openwall.com/lists/oss-security/2016/06/15/11
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securitytracker.com/id/1036763
- http://www.ubuntu.com/usn/USN-3049-1
- http://www.ubuntu.com/usn/USN-3050-1
- http://www.ubuntu.com/usn/USN-3051-1
- http://www.ubuntu.com/usn/USN-3052-1
- http://www.ubuntu.com/usn/USN-3053-1
- http://www.ubuntu.com/usn/USN-3054-1
- http://www.ubuntu.com/usn/USN-3055-1
- http://www.ubuntu.com/usn/USN-3056-1
- http://www.ubuntu.com/usn/USN-3057-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1341716
- https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
- https://launchpad.net/bugs/cve/CVE-2016-4470
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1341352
- https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1346626
- https://rhn.redhat.com/errata/RHSA-2016-1532.html
- https://rhn.redhat.com/errata/RHSA-2016-1539.html
- https://rhn.redhat.com/errata/RHSA-2016-1541.html
- https://rhn.redhat.com/errata/RHSA-2016-1657.html
- https://rhn.redhat.com/errata/RHSA-2016-2006.html
- https://rhn.redhat.com/errata/RHSA-2016-2074.html
- https://rhn.redhat.com/errata/RHSA-2016-2076.html
- https://rhn.redhat.com/errata/RHSA-2016-2128.html
- https://rhn.redhat.com/errata/RHSA-2016-2133.html
- https://security-tracker.debian.org/tracker/CVE-2016-4470
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4470
- https://nvd.nist.gov/vuln/detail/CVE-2016-4470
- https://ubuntu.com/security/CVE-2016-4470
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2016-4470.
What is the severity of CVE-2016-4470?
The severity of CVE-2016-4470 is high with a severity value of 7.
How does CVE-2016-4470 impact the Linux kernel?
CVE-2016-4470 can cause a denial of service (system crash) in the Linux kernel.
Which Linux kernel versions are affected by CVE-2016-4470?
Linux kernel versions through 4.6.3 are affected by CVE-2016-4470.
How can I fix CVE-2016-4470?
To fix CVE-2016-4470, update your Linux kernel to version 4.7 or later.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-4470
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/description
- agent/severity
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/oracle
- canonical/oracle vm server
- version/oracle vm server/3.3
- version/oracle vm server/3.4
- canonical/oracle linux
- version/oracle linux/5.0
- version/oracle linux/6
- version/oracle linux/7
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/4.6.3
- vendor/novell
- canonical/novell suse linux enterprise real time extension
- version/novell suse linux enterprise real time extension/12.0-sp1
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux for real time
- version/redhat enterprise linux for real time/7.0
- canonical/redhat enterprise linux hpc node
- version/redhat enterprise linux hpc node/7.0
- canonical/redhat enterprise linux hpc node eus
- version/redhat enterprise linux hpc node eus/7.0
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.2
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/7.2
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/7.0
- canonical/redhat enterprise mrg
- version/redhat enterprise mrg/2.0
- package-manager/debian