CVE-2016-0728

Summary

CVE	CVE-2016-0728
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2016-02-08 03:59:00 UTC
Updated	2023-02-12 23:15:00 UTC
Description	The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	15.04	All	All	All
Operating System	Canonical	Ubuntu Linux	15.10	All	All	All
Operating System	Debian	Debian Linux	8.0	All	All	All
Operating System	Google	Android	4.0	All	All	All
Operating System	Google	Android	4.0.1	All	All	All
Operating System	Google	Android	4.0.2	All	All	All
Operating System	Google	Android	4.0.3	All	All	All
Operating System	Google	Android	4.0.4	All	All	All
Operating System	Google	Android	4.1	All	All	All
Operating System	Google	Android	4.1.2	All	All	All
Operating System	Google	Android	4.2	All	All	All
Operating System	Google	Android	4.2.1	All	All	All
Operating System	Google	Android	4.2.2	All	All	All
Operating System	Google	Android	4.3	All	All	All
Operating System	Google	Android	4.3.1	All	All	All
Operating System	Google	Android	4.4	All	All	All
Operating System	Google	Android	4.4.1	All	All	All
Operating System	Google	Android	4.4.2	All	All	All
Operating System	Google	Android	4.4.3	All	All	All
Operating System	Google	Android	5.0	All	All	All
Operating System	Google	Android	5.0.1	All	All	All
Operating System	Google	Android	5.0.2	All	All	All
Operating System	Google	Android	5.1	All	All	All
Operating System	Google	Android	5.1.0	All	All	All
Operating System	Google	Android	5.1.1	All	All	All
Operating System	Google	Android	6.0	All	All	All
Operating System	Google	Android	6.0.1	All	All	All
Operating System	Google	Android	4.0	All	All	All
Operating System	Google	Android	4.0.1	All	All	All
Operating System	Google	Android	4.0.2	All	All	All
Operating System	Google	Android	4.0.3	All	All	All
Operating System	Google	Android	4.0.4	All	All	All
Operating System	Google	Android	4.1	All	All	All
Operating System	Google	Android	4.1.2	All	All	All
Operating System	Google	Android	4.2	All	All	All
Operating System	Google	Android	4.2.1	All	All	All
Operating System	Google	Android	4.2.2	All	All	All
Operating System	Google	Android	4.3	All	All	All
Operating System	Google	Android	4.3.1	All	All	All
Operating System	Google	Android	4.4	All	All	All
Operating System	Google	Android	4.4.1	All	All	All
Operating System	Google	Android	4.4.2	All	All	All
Operating System	Google	Android	4.4.3	All	All	All
Operating System	Google	Android	5.0	All	All	All
Operating System	Google	Android	5.0.1	All	All	All
Operating System	Google	Android	5.0.2	All	All	All
Operating System	Google	Android	5.1	All	All	All
Operating System	Google	Android	5.1.0	All	All	All
Operating System	Google	Android	5.1.1	All	All	All
Operating System	Google	Android	6.0	All	All	All
Operating System	Google	Android	6.0.1	All	All	All
Application	Hp	Server Migration Pack	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	MISC	access.redhat.com
Use after free vulnerability in Linux kernel keychain management (CVE-2016-0728) - Red Hat Customer Portal	MISC	access.redhat.com
USN-2870-2: Linux kernel (Trusty HWE) vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
USN-2873-1: Linux kernel (Utopic HWE) vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Red Hat Customer Portal	MISC	access.redhat.com
[SECURITY] Fedora 23 Update: kernel-4.3.3-303.fc23	FEDORA	lists.fedoraproject.org
[security-announce] SUSE-SU-2016:0757-1: important: Security update for	SUSE	lists.opensuse.org
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1	CONFIRM	www.kernel.org	Vendor Advisory
Linux Kernel 4.4.1 - REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation (1)	EXPLOIT-DB	www.exploit-db.com
Nexus Security Bulletin - March 2016 \| Android Open Source Project	CONFIRM	source.android.com	Vendor Advisory
USN-2871-2: Linux kernel (Vivid HWE) vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
USN-2872-1: Linux kernel vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Debian -- Security Information -- DSA-3448-1 linux	DEBIAN	www.debian.org
Red Hat Customer Portal	REDHAT	rhn.redhat.com
[security-announce] SUSE-SU-2016:0747-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:0752-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:0750-1: important: Security update for	SUSE	lists.opensuse.org
kernel/git/torvalds/linux.git - Linux kernel source tree	CONFIRM	git.kernel.org
USN-2872-3: Linux kernel (Raspberry Pi 2) vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
KEYS: Fix keyring ref leak in join_session_keyring() · torvalds/linux@23567fd · GitHub	CONFIRM	github.com
[security-announce] SUSE-SU-2016:0755-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:0751-1: important: Security update for	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2016:0753-1: important: Security update for	SUSE	lists.opensuse.org
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728) \| Perception Point	MISC	perception-point.io
Document Display \| HPE Support Center	CONFIRM	h20566.www2.hpe.com
[security-announce] SUSE-SU-2016:0205-1: important: Security update for	SUSE	lists.opensuse.org
Red Hat Customer Portal	REDHAT	rhn.redhat.com
USN-2871-1: Linux kernel vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Oracle Linux Bulletin - January 2016	CONFIRM	www.oracle.com
USN-2872-2: Linux kernel (Wily HWE) vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Red Hat Customer Portal	MISC	access.redhat.com
[security-announce] SUSE-SU-2016:0746-1: important: Security update for	SUSE	lists.opensuse.org
Linux Kernel Session Keyring Reference Count Overflow Bug Lets Local Users Obtain Root Privileges - SecurityTracker	SECTRACK	www.securitytracker.com
oss-security - Linux kernel: use after free in keyring facility.	MLIST	www.openwall.com
[SECURITY] Fedora 22 Update: kernel-4.3.4-200.fc22	FEDORA	lists.fedoraproject.org
CVE-2016-0728 - Red Hat Customer Portal	MISC	access.redhat.com
CVE-2016-0728 Linux Kernel Privilege Escalation Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
SA112 : Linux Kernel Keyring Privilege Escalation \| Symantec	CONFIRM	bto.bluecoat.com
[security-announce] SUSE-SU-2016:0756-1: important: Security update for	SUSE	lists.opensuse.org
Document Display \| HPE Support Center	CONFIRM	h20566.www2.hpe.com
Bug 1297475 – CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility	CONFIRM	bugzilla.redhat.com
[security-announce] SUSE-SU-2016:0745-1: important: Security update for	SUSE	lists.opensuse.org
USN-2870-1: Linux kernel vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
Red Hat Customer Portal	MISC	access.redhat.com
HPSBHF03436	HP	h20565.www2.hp.com
[security-announce] SUSE-SU-2016:0341-1: important: Security update for	SUSE	lists.opensuse.org
Linux Kernel CVE-2016-0728 Local Privilege Escalation Vulnerability	BID	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.