CVE-2016-4470

CWE-25324 documents9 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 82.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Novell Suse Linux Enterprise Real Time Extension Oracle Linux +11 more

Timeline

PublishedJun 27

Latest updateMay 13

Description

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

▶NVDlinux/linux_kernel4.6.3

▶Debianlinux< 4.6.2-2+3

▶Ubuntulinux< 3.13.0-93.140

▶Ubuntulinux-lts-vivid< 3.19.0-66.74~14.04.1

▶NVDoracle/linux5.0, 6, 7+2

Also affects: Enterprise Linux 6.0, 7.0, 7.2

🔴Vulnerability Details

GHSA

GHSA-9x7c-6h5w-qmpg: The key_reject_and_link function in security/keys/key↗2022-05-13

▶

OSV

linux vulnerabilities↗2016-08-10

▶

OSV

linux-lts-vivid vulnerabilities↗2016-08-10

▶

OSV

linux-lts-xenial vulnerabilities↗2016-08-10

▶

OSV

linux-snapdragon vulnerabilities↗2016-08-10

▶

📋Vendor Advisories

Android

CVE-2016-4470: Android Security Bulletin 2016-09-01 CVE: CVE-2016-4470 Severity: CRITICAL References: A-29823941 Upstream kernel↗2016-09-01

▶

Ubuntu

Linux kernel vulnerabilities↗2016-08-10

▶

Ubuntu

Linux kernel (Raspberry Pi 2) vulnerabilities↗2016-08-10

▶

Ubuntu

Linux kernel vulnerabilities↗2016-08-10

▶

Ubuntu

Linux kernel (Vivid HWE) vulnerabilities↗2016-08-10

▶

💬Community

Bugzilla

CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path [fedora-all]↗2016-06-15

▶

Bugzilla

CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path↗2016-06-01

▶