Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1395187 (CVE-2016-8650) - CVE-2016-8650 kernel: Null pointer dereference via keyctl
Summary: CVE-2016-8650 kernel: Null pointer dereference via keyctl
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-8650
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1398455 1398456 1398457 1398458 1398459 1398460 1398461 1398462 1398463
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-11-15 11:35 UTC by Andrej Nemec
Modified: 2021-02-17 03:02 UTC (History)
32 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-06-08 03:02:03 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0931 0 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-04-12 14:51:25 UTC
Red Hat Product Errata RHSA-2017:0932 0 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2017-04-12 14:51:03 UTC
Red Hat Product Errata RHSA-2017:0933 0 normal SHIPPED_LIVE Important: kernel security, bug fix, and enhancement update 2017-04-12 17:29:20 UTC
Red Hat Product Errata RHSA-2018:1854 0 None None None 2018-06-19 04:46:59 UTC

Description Andrej Nemec 2016-11-15 11:35:29 UTC
A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key.  This flaw panics the machine during the verification of the RSA key and is key-payload independant.

This vulnerably can be triggered by any unprivileged user with a local shell account.

References:

http://seclists.org/fulldisclosure/2016/Nov/76

Product bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1343162

Comment 1 Wade Mealing 2016-11-24 07:13:14 UTC
Statement:

This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels.

This issue does not affect kernels that ship with Red Hat Enterprise Linux 5.

Comment 4 Andrej Nemec 2016-11-24 08:54:24 UTC
Proposed patch:

https://lkml.org/lkml/2016/11/23/477

Comment 9 Wade Mealing 2016-11-24 23:37:57 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1398463]

Comment 10 errata-xmlrpc 2017-04-12 10:51:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2017:0932 https://access.redhat.com/errata/RHSA-2017:0932

Comment 11 errata-xmlrpc 2017-04-12 10:55:35 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:0931 https://access.redhat.com/errata/RHSA-2017:0931

Comment 12 errata-xmlrpc 2017-04-12 13:29:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2017:0933 https://access.redhat.com/errata/RHSA-2017:0933

Comment 14 errata-xmlrpc 2018-06-19 04:46:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1854


Note You need to log in before you can comment on or make changes to this bug.