{ "threat_severity" : "Important", "public_date" : "2016-06-15T00:00:00Z", "bugzilla" : { "description" : "kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path", "id" : "1341716", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1341716" }, "cvss" : { "cvss_base_score" : "6.9", "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status" : "verified" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-253", "details" : [ "The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.", "A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrary memory block. An attacker could use this flaw to trigger a use-after-free condition on the system, potentially allowing for privilege escalation." ], "statement" : "This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and may be addressed in a future update.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat\nEnterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix\nthis issue have been shipped now.", "acknowledgement" : "This issue was discovered by David Howells (Red Hat).", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2016-10-04T00:00:00Z", "advisory" : "RHSA-2016:2006", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-642.6.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date" : "2016-11-01T00:00:00Z", "advisory" : "RHSA-2016:2133", "cpe" : "cpe:/o:redhat:rhel_aus:6.4", "package" : "kernel-0:2.6.32-358.75.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date" : "2016-10-18T00:00:00Z", "advisory" : "RHSA-2016:2074", "cpe" : "cpe:/o:redhat:rhel_aus:6.5", "package" : "kernel-0:2.6.32-431.74.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.6 Extended Update Support", "release_date" : "2016-10-31T00:00:00Z", "advisory" : "RHSA-2016:2128", "cpe" : "cpe:/o:redhat:rhel_eus:6.6", "package" : "kernel-0:2.6.32-504.54.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.7 Extended Update Support", "release_date" : "2016-10-18T00:00:00Z", "advisory" : "RHSA-2016:2076", "cpe" : "cpe:/o:redhat:rhel_eus:6.7", "package" : "kernel-0:2.6.32-573.35.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-08-02T00:00:00Z", "advisory" : "RHSA-2016:1541", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-327.28.2.rt56.234.el7_2" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2016-08-02T00:00:00Z", "advisory" : "RHSA-2016:1539", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-327.28.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.1 Extended Update Support", "release_date" : "2016-08-23T00:00:00Z", "advisory" : "RHSA-2016:1657", "cpe" : "cpe:/o:redhat:rhel_eus:7.1", "package" : "kernel-0:3.10.0-229.40.1.ael7b" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2016-08-02T00:00:00Z", "advisory" : "RHSA-2016:1532", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-1:3.10.0-327.rt56.194.el6rt" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-4470\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4470" ], "name" : "CVE-2016-4470", "csaw" : false }