Lucene search

K
cve[email protected]CVE-2016-4470
HistoryJun 27, 2016 - 10:59 a.m.

CVE-2016-4470

2016-06-2710:59:08
web.nvd.nist.gov
144
cve-2016-4470
linux kernel
security
denial of service
system crash
nvd

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

17.0%

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

Affected configurations

NVD
Node
oraclevm_serverMatch3.3
OR
oraclevm_serverMatch3.4
Node
oraclelinuxMatch5.0
OR
oraclelinuxMatch6
OR
oraclelinuxMatch7
Node
linuxlinux_kernelRange4.6.3
Node
novellsuse_linux_enterprise_real_time_extensionMatch12.0sp1
Node
redhatenterprise_linuxMatch6.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_for_real_timeMatch7.0
OR
redhatenterprise_linux_hpc_nodeMatch7.0
OR
redhatenterprise_linux_hpc_node_eusMatch7.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch7.2
OR
redhatenterprise_linux_server_eusMatch7.2
OR
redhatenterprise_linux_workstationMatch7.0
OR
redhatenterprise_mrgMatch2.0
VendorProductVersionCPE
oraclevm_server3.4cpe:/o:oracle:vm_server:3.4:::
oraclevm_server3.3cpe:/o:oracle:vm_server:3.3:::

References

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

17.0%