oss-sec mailing list archives
Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem
From: Wade Mealing <wmealing () redhat com>
Date: Fri, 25 Nov 2016 10:25:20 +1100
Gday, A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel (denial of service) or corrupt the stack and additional memory by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key and seems to do a 1 byte corruption of the stack. This vulnerably can be triggered by any unprivileged user with a local shell account. Upstream fix: https://lkml.org/lkml/2016/11/23/477 Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1395187
Current thread:
- Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem Wade Mealing (Nov 24)