oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem

From: Wade Mealing <wmealing () redhat com>
Date: Fri, 25 Nov 2016 10:25:20 +1100
Gday,

A flaw was found in the Linux kernel key management subsystem in which
a local attacker could crash the kernel (denial of service) or corrupt
the stack and additional memory by supplying a specially crafted RSA
key.  This flaw panics the machine during the verification of the RSA
key and seems to do a 1 byte corruption of the stack.

This vulnerably can be triggered by any unprivileged user with a local
shell account.

Upstream fix:

https://lkml.org/lkml/2016/11/23/477

Red Hat bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1395187
Previous By Date Next
Previous By Thread Next

Current thread: