Security: Chrome OS [CVE-2016-0728]
Reported by
eternalg...@gmail.com,
Mar 20 2016
Issue description

VULNERABILITY DETAILS
A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in a certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.

VERSION
Operating System: ChromeOS current master branch

REPRODUCTION CASE
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

MITIGATION
Update to kernel 4.4.1 or higher. Or apply this patch: https://bugzilla.redhat.com/show_bug.cgi?id=1297475#c13
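The bug class the description names (an object reference mishandled on one path, a 32-bit count that overflows, then a free while the object is still in use) can be seen in a small user-space model. This is an added example, not code from the report or from the kernel: struct obj, the three modes and join_already_held() are hypothetical names, the counter is preloaded near its maximum so the run is instant, and the saturating counter is a general hardening shown for comparison, not something the report proposes.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a reference-counted kernel object (not struct key). */
struct obj {
    uint32_t usage; /* 32-bit reference count: wraps modulo 2^32 */
    bool freed;     /* set where the kernel would free the memory */
};
enum mode { LEAKY, BALANCED, SATURATING };

static void obj_get(struct obj *o, enum mode m)
{
    if (m == SATURATING && o->usage == UINT32_MAX)
        return; /* pinned at the ceiling: never wraps to 0 */
    o->usage++;
}

static void obj_put(struct obj *o, enum mode m)
{
    if (m == SATURATING && o->usage == UINT32_MAX)
        return; /* a saturated count is never dropped again */
    if (--o->usage == 0)
        o->freed = true;
}

/* Hypothetical join path: the lookup takes a reference, then the function
 * returns early. Only BALANCED releases the lookup reference on that path. */
static void join_already_held(struct obj *o, enum mode m)
{
    obj_get(o, m);
    if (m == BALANCED)
        obj_put(o, m);
}

/* True if the object is freed while the original holder still uses it. */
static bool freed_while_held(uint32_t start, uint64_t calls, enum mode m)
{
    struct obj o = { .usage = start, .freed = false };
    for (uint64_t i = 0; i < calls; i++)
        join_already_held(&o, m);
    obj_get(&o, m); /* an unrelated, correctly paired user ... */
    obj_put(&o, m); /* ... drops what the count says is the last reference */
    return o.freed;
}

int main(void)
{
    uint32_t near_wrap = UINT32_MAX - 2; /* constructed starting count */
    printf("leaky=%d balanced=%d saturating=%d\n",
           freed_while_held(near_wrap, 3, LEAKY),
           freed_while_held(near_wrap, 3, BALANCED),
           freed_while_held(near_wrap, 3, SATURATING));
    return 0;
}
```

With the wrapping counter the leak ends in a premature free; with the saturating counter the same leak only pins the object in memory.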
Mar 21 2016
Matthew, mind taking a look since this is in the kernel? Thanks.
Mar 28 2016
cernekee@ fixed this back in January.
Jul 5 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by mea...@chromium.org, Mar 20 2016