CVE-2016-0728
published 2016-02-08CVE-2016-0728: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which…
PriorityP277high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
3.65%
88.2th percentile
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 4.3.3-6 (bookworm) | linux 4.3.3-6 (bookworm) |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect repeated KEYCTL_JOIN_SESSION_KEYRING syscalls in a tight loop from a single process — the exploit increments the keyring refcount from 1 to 0xfffffffd to trigger integer overflow. ↗
- →Alert on KEYCTL_REVOKE issued against KEY_SPEC_SESSION_KEYRING immediately after a high-volume KEYCTL_JOIN_SESSION_KEYRING loop — this is the trigger step of the use-after-free exploit. ↗
- →Flag processes reading /proc/kallsyms to resolve commit_creds and prepare_kernel_cred symbols — used by the modified exploit variant to locate privilege-escalation gadgets without hardcoded addresses. ↗
- ·The exploit uses hardcoded kernel symbol addresses (commit_creds, prepare_kernel_cred) that are specific to a particular kernel build; the variant reading /proc/kallsyms dynamically resolves these and is more portable. ↗
- ·The exploit requires the keyutils library at compile time (-lkeyutils) and must be run with a keyring name argument; detection should account for the compiled binary name cve_2016_0728 as well as renamed variants. ↗
- ·The vulnerability affects Linux kernel before 4.4.1; systems running 4.4.1 or later with the patch applied are not susceptible to this specific refcount overflow in join_session_keyring. ↗
- ·grsecurity/PaX mitigations prevent this exploit; the modified exploit variant explicitly notes this limitation. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.8HIGH
vulncheck7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pm5x-hxhr-68w7: The join_session_keyring function in security/keys/process_keys
ghsa_unreviewed·2022-05-17
CVE-2016-0728 [HIGH] GHSA-pm5x-hxhr-68w7: The join_session_keyring function in security/keys/process_keys
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Kernel
locking/refcounts, x86/asm: Implement fast refcount overflow protection
kernel_security·2017-08-15
locking/refcounts, x86/asm: Implement fast refcount overflow protection
locking/refcounts, x86/asm: Implement fast refcount overflow protection
This implements refcount_t overflow protection on x86 without a noticeable
performance impact, though without the fuller checking of REFCOUNT_FULL.
This is done by duplicating the existing atomic_t refcount implementation
but with normally a single instruction added to detect if the refcount
has gone negative (e.g. wrapped past INT_MAX or below zero). When detected,
the handler saturates the refcount_t to INT_MIN / 2. With this overflow
protection, the erroneous reference release that would follow a wrap back
to zero is blocked from happening, avoiding the class of refcount-overflow
use-after-free vulnerabilities entirely.
Only the overflow case of refcounting can be perfectly protected, since
it can be detected and
OSV
CVE-2016-0728: The join_session_keyring function in security/keys/process_keys
osv·2016-02-08·CVSS 7.8
CVE-2016-0728 [HIGH] CVE-2016-0728: The join_session_keyring function in security/keys/process_keys
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Kernel
KEYS: Fix keyring ref leak in join_session_keyring()
kernel_security·2016-01-19·CVSS 7.8
CVE-2016-0728 [HIGH] KEYS: Fix keyring ref leak in join_session_keyring()
KEYS: Fix keyring ref leak in join_session_keyring()
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
#include
#include
#include
#include
int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial
Signed-off-by: David Howells
Acked-by: Don Zickus
Acked-by: Prarit Bhargava
Acked-by: Jarod Wilson
Signed-off-by: James Morris
VulnCheck
Google Android Integer Overflow or Wraparound
vulncheck·2016·CVSS 7.8
CVE-2016-0728 [HIGH] Google Android Integer Overflow or Wraparound
Google Android Integer Overflow or Wraparound
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Affected: Google Android
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.recordedfuture.com/russian-apt-toolkits
Exploit PoC: https://vulncheck.com/xdb/8ba59584fab9; https://vulncheck.com/xdb/3d71a9ec0913; https://vulncheck.com/xdb/dcea021582fd; https://vulncheck.com/xdb/7d4197c41f6b; https://vulncheck.com/xdb
Android
CVE-2016-0728: Android Security Bulletin 2016-03-01
CVE: CVE-2016-0728
Severity: CRITICAL
Affected AOSP versions: 4
vendor_android·2016-03-01·CVSS 7.8
CVE-2016-0728 [HIGH] CVE-2016-0728: Android Security Bulletin 2016-03-01
CVE: CVE-2016-0728
Severity: CRITICAL
Affected AOSP versions: 4
Android Security Bulletin 2016-03-01
CVE: CVE-2016-0728
Severity: CRITICAL
Affected AOSP versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1
Ubuntu
Linux kernel vulnerability
vendor_ubuntu·2016-01-19
CVE-2016-0728 Linux kernel vulnerability
Title: Linux kernel vulnerability
Summary: The system could be made to crash or run programs as an administrator.
Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackage
Ubuntu
Linux kernel (Utopic HWE) vulnerability
vendor_ubuntu·2016-01-19
CVE-2016-0728 Linux kernel (Utopic HWE) vulnerability
Title: Linux kernel (Utopic HWE) vulnerability
Summary: The system could be made to crash or run programs as an administrator.
Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kerne
Ubuntu
Linux kernel (Trusty HWE) vulnerability
vendor_ubuntu·2016-01-19
CVE-2016-0728 Linux kernel (Trusty HWE) vulnerability
Title: Linux kernel (Trusty HWE) vulnerability
Summary: The system could be made to crash or run programs as an administrator.
Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kerne
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerability
vendor_ubuntu·2016-01-19
CVE-2016-0728 Linux kernel (Raspberry Pi 2) vulnerability
Title: Linux kernel (Raspberry Pi 2) vulnerability
Summary: The system could be made to crash or run programs as an administrator.
Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard k
Red Hat
kernel: Possible use-after-free vulnerability in keyring facility
vendor_redhat·2016-01-19·CVSS 7.8
CVE-2016-0728 [HIGH] CWE-416 kernel: Possible use-after-free vulnerability in keyring facility
kernel: Possible use-after-free vulnerability in keyring facility
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5 and 6.
Refer to https://access.redhat.com/node/2131021 fo
Ubuntu
Linux kernel (Vivid HWE) vulnerability
vendor_ubuntu·2016-01-19
CVE-2016-0728 Linux kernel (Vivid HWE) vulnerability
Title: Linux kernel (Vivid HWE) vulnerability
Summary: The system could be made to crash or run programs as an administrator.
Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel
Ubuntu
Linux kernel (Wily HWE) vulnerability
vendor_ubuntu·2016-01-19
CVE-2016-0728 Linux kernel (Wily HWE) vulnerability
Title: Linux kernel (Wily HWE) vulnerability
Summary: The system could be made to crash or run programs as an administrator.
Yevgeny Pats discovered that the session keyring implementation in the
Linux kernel did not properly reference count when joining an existing
session keyring. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code with
administrative privileges.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel
Debian
CVE-2016-0728: linux - The join_session_keyring function in security/keys/process_keys.c in the Linux k...
vendor_debian·2016·CVSS 7.8
CVE-2016-0728 [HIGH] CVE-2016-0728: linux - The join_session_keyring function in security/keys/process_keys.c in the Linux k...
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Scope: local
bookworm: resolved (fixed in 4.3.3-6)
bullseye: resolved (fixed in 4.3.3-6)
forky: resolved (fixed in 4.3.3-6)
sid: resolved (fixed in 4.3.3-6)
trixie: resolved (fixed in 4.3.3-6)
No detection rules found.
Exploit-DB
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
exploitdb·2016-01-19·CVSS 7.8
CVE-2016-0728 [HIGH] Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (1)
---
/*
# Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings
# Date: 19/1/2016
# Exploit Author: Perception Point Team
# CVE : CVE-2016-0728
*/
/* $ gcc cve_2016_0728.c -o cve_2016_0728 -lkeyutils -Wall */
/* $ ./cve_2016_072 PP_KEY */
/* EDB-Note: More information ~ http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/ */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);
typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);
_commit_creds commit_creds;
Exploit-DB
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)
exploitdb·2016-01-19·CVSS 7.8
CVE-2016-0728 [HIGH] Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)
Linux Kernel 4.4.1 - REFCOUNT Overflow Use-After-Free in Keyrings Local Privilege Escalation (2)
---
/*
# Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings
# Date: 19/1/2016
# Exploit Author: Perception Point Team
# CVE : CVE-2016-0728
*/
/* CVE-2016-0728 local root exploit
modified by Federico Bento to read kernel symbols from /proc/kallsyms
props to grsecurity/PaX for preventing this in so many ways
$ gcc cve_2016_0728.c -o cve_2016_0728 -lkeyutils -Wall
$ ./cve_2016_072 PP_KEY */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);
typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);
_commit_creds com
arXiv
Programmable System Call Security with eBPF
arxiv_fulltext·2023-02-20
Programmable System Call Security with eBPF
Programmable System Call Security with eBPF
Jinghao Jia^1, YiFei Zhu^2, Dan Williams^3, Andrea Arcangeli^4, Claudio Canella^5, Hubertus Franke^6,
Tobin Feldman-Fitzthum^6, Dimitrios Skarlatos^7, Daniel Gruss^8, Tianyin Xu^1
^1University of Illinois at Urbana-Champaign, Urbana, IL, USA
^2Google, Inc., Sunnyvale, CA, USA
^3Virginia Tech, Blacksburg, VA, USA
^4Red Hat, Inc., New York, NY, USA
^5Amazon Web Services, Graz, Austria
^6IBM Research, Yorktown Heights, NY, USA
^7Carnegie Mellon University, Pittsburgh, PA, USA
^8Graz University of Technology, Graz, Austria
## Abstract
System call filtering is a widely used security mechanism
for protecting a shared OS kernel
against untrusted user applications.
However, existing system call filtering techniques either are
too expensive du
arXiv
Towards Linux Kernel Memory Safety
arxiv_fulltext·2017-10-17
Towards Linux Kernel Memory Safety
0.5cm1cm
[1]
printacmref=false
plain
[C]
Towards Linux Kernel Memory Safety
Elena Reshetova
Intel OTC Finland
Espoo
Finland
[email protected]
Hans Liljestrand
Aalto University
Espoo
Finland
[email protected]
Andrew Paverd
Aalto University
Espoo
Finland
[email protected]
N.Asokan
Aalto University
Espoo
Finland
[email protected]
E. Reshetova et al.
Submission 44
Submission 44
CCSXML
10002978.10003006.10003007
Security and privacy Operating systems security
500
CCSXML
[500]Security and privacy Operating systems security
Linux kernel, memory safety
## Abstract
The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel.
However, the increasing number of kernel-specific vulnerabilities, especiall
arXiv
Data-driven software security: Models and methods
arxiv_fulltext·2016-05-27
Data-driven software security: Models and methods
## Abstract
For computer software, our security models, policies, mechanisms, and means of assurance were primarily conceived and developed before the end of the 1970's. However, since that time, software has changed radically: it is thousands of times larger, comprises countless libraries, layers, and services, and is used for more purposes, in far more complex ways. It is worthwhile to revisit our core computer security concepts. For example, it is unclear whether the Principle of Least Privilege can help dictate security policy, when software is too complex for either its developers or its users to explain its intended behavior.
One possibility is to take an empirical, data-driven approach to modern software, and determine its exact, concrete behavior via comprehensive, online monitor
Unit42
A Look Into Fysbis: Sofacy’s Linux Backdoor
blogs_unit42·2016-02-12
A Look Into Fysbis: Sofacy’s Linux Backdoor
## A Look Into Fysbis: Sofacy’s Linux Backdoor
Bryan Lee
Rob Downs
Published: February 12, 2016
Malware
Threat Actor Groups
Threat Research
Fighting Ursa
Fysbis
Linux
Sofacy
## Introduction
The Sofacy group, also known as APT28 and Sednit, is a fairly well known cyber espionage group believed to have ties to Russia. Their targets have spanned all across the world, with a focus on government, defense organizations and various Eastern European governments. There have been numerous reports on their activities, to the extent that a Wikipedia entry has even been created for them.
From these reports, we know that the group uses an abundance of tools and tactics, ranging across zero-day exploits targeting common applications such as Java or Microsoft Office, heavy use of spear-phi
Unit42
A Look Into Fysbis: Sofacy’s Linux Backdoor
blogs_unit42·2016-02-12
A Look Into Fysbis: Sofacy’s Linux Backdoor
### Introduction
The Sofacy group, also known as APT28 and Sednit, is a fairly well known cyber espionage group believed to have ties to Russia. Their targets have spanned all across the world, with a focus on government, defense organizations and various Eastern European governments. There have been numerous reports on their activities, to the extent that a Wikipedia entry has even been created for them.
From these reports, we know that the group uses an abundance of tools and tactics, ranging across zero-day exploits targeting common applications such as Java or Microsoft Office, heavy use of spear-phishing attacks, compromising legitimate websites to stage watering-hole attacks, and targeting over a variety of operating systems – Windows, OSX, Linux, even mobile iOS.
The Linux malwar
Bugzilla
CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility
bugzilla·2016-01-11·CVSS 7.8
CVE-2016-0728 [HIGH] CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility
CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility
It was reported that possible use-after-free vulnerability in keyring facility, possibly leading to local privilege escalation, was found. Function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being currently used by the process, the kernel wouldn't decrease keyring->usage before returning to userspace. The usage field can be possibly overflowed causing use-after-free on the keyring object.
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a50597de8635cd05133bd12c95681c82fe7b878
References:
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vuln
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.htmlhttp://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/http://rhn.redhat.com/errata/RHSA-2016-0064.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0065.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0068.htmlhttp://source.android.com/security/bulletin/2016-03-01.htmlhttp://www.debian.org/security/2016/dsa-3448http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1http://www.openwall.com/lists/oss-security/2016/01/19/2http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/81054http://www.securitytracker.com/id/1034701http://www.ubuntu.com/usn/USN-2870-1http://www.ubuntu.com/usn/USN-2870-2http://www.ubuntu.com/usn/USN-2871-1http://www.ubuntu.com/usn/USN-2871-2http://www.ubuntu.com/usn/USN-2872-1http://www.ubuntu.com/usn/USN-2872-2http://www.ubuntu.com/usn/USN-2872-3http://www.ubuntu.com/usn/USN-2873-1https://bto.bluecoat.com/security-advisory/sa112https://bugzilla.redhat.com/show_bug.cgi?id=1297475https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://security.netapp.com/advisory/ntap-20160211-0001/https://www.exploit-db.com/exploits/39277/http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.htmlhttp://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/http://rhn.redhat.com/errata/RHSA-2016-0064.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0065.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0068.htmlhttp://source.android.com/security/bulletin/2016-03-01.htmlhttp://www.debian.org/security/2016/dsa-3448http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1http://www.openwall.com/lists/oss-security/2016/01/19/2http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/81054http://www.securitytracker.com/id/1034701http://www.ubuntu.com/usn/USN-2870-1http://www.ubuntu.com/usn/USN-2870-2http://www.ubuntu.com/usn/USN-2871-1http://www.ubuntu.com/usn/USN-2871-2http://www.ubuntu.com/usn/USN-2872-1http://www.ubuntu.com/usn/USN-2872-2http://www.ubuntu.com/usn/USN-2872-3http://www.ubuntu.com/usn/USN-2873-1https://bto.bluecoat.com/security-advisory/sa112https://bugzilla.redhat.com/show_bug.cgi?id=1297475https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380https://security.netapp.com/advisory/ntap-20160211-0001/https://www.exploit-db.com/exploits/39277/
2016-02-08
Published
Exploited in the wild