'[oss-security] Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem
From:       Wade Mealing <wmealing () redhat ! com>
Date:       2016-11-24 23:25:20
Message-ID: CALJHwhSoFkAS5hhXWwmRD4FmCzzvVCCKUhwozwZY==FS7qZGZQ () mail ! gmail ! com
[Download RAW message or body]

Gday,

A flaw was found in the Linux kernel key management subsystem in which
a local attacker could crash the kernel (denial of service) or corrupt
the stack and additional memory by supplying a specially crafted RSA
key.  This flaw panics the machine during the verification of the RSA
key and seems to do a 1 byte corruption of the stack.

This vulnerably can be triggered by any unprivileged user with a local
shell account.

Upstream fix:

https://lkml.org/lkml/2016/11/23/477

Red Hat bug:

https://bugzilla.redhat.com/show_bug.cgi?id=1395187
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic