First published: Wed Jun 01 2016
A local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem. The key_reject_and_link() function contains an error in which a key lookup can fail and, in an attempt to cache the failed lookup, the kernel may free memory that is still in use. This could crash the system or, at worst, free a memory block that is then reused by another kernel mechanism, resulting in a use-after-free.

Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1341352

Upstream patch: https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle VM Server | =3.3 | |
| Oracle VM Server | =3.4 | |
| Oracle Linux | =5.0 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Linux Kernel | <=4.6.3 | |
| SUSE Linux Enterprise Real Time Extension | =12.0-sp1 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux Desktop | =7.0 | |
| Red Hat Enterprise Linux for Real Time | =7.0 | |
| Red Hat Enterprise Linux HPC Node | =7.0 | |
| Red Hat Enterprise Linux Server | =7.0 | |
| Red Hat Enterprise Linux Server AUS | =7.2 | |
| Red Hat Enterprise Linux Server EUS | =7.2 | |
| Red Hat Enterprise Linux Workstation | =7.0 | |
| Red Hat Enterprise MRG | =2.0 | |
| debian/linux | 5.10.223-1, 5.10.226-1, 6.1.123-1, 6.1.128-1, 6.12.12-1, 6.12.13-1 | |
The vulnerability ID for this vulnerability is CVE-2016-4470.
The severity of CVE-2016-4470 is high, with a severity score of 7.
CVE-2016-4470 can cause a denial of service (system crash) in the Linux kernel.
Linux kernel versions through 4.6.3 are affected by CVE-2016-4470.
To fix CVE-2016-4470, update your Linux kernel to version 4.7 or later.