kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user

🗓️ 01 Aug 2017 14:13:37Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 2 Views

Root can join the session keyring to access keyrings and add its public key to bypass verification.

Reporter	Title	Published	Views	Family All 203
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel	16 Jun 201822:04	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM	18 Jun 201801:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM	18 Jun 201801:36	–	ibm
Information Security Automation	Vulners NASL Plugin Feeds for OpenVAS 9	4 Oct 201717:57	–	avleonov
Tenable Nessus	CentOS 7 : kernel (CESA-2017:1842) (Stack Clash)	25 Aug 201700:00	–	nessus
Tenable Nessus	Debian DLA-922-1 : linux security update	1 May 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1159)	8 Sep 201700:00	–	nessus
Tenable Nessus	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496)	13 May 201900:00	–	nessus
Tenable Nessus	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1522)	14 May 201900:00	–	nessus
Tenable Nessus	Fedora 24 : kernel (2017-0aa0f69e0c)	5 May 201700:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	x86_64	kernel-rt	0:3.10.0-693.rt56.617.el7	kernel-rt-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug	0:3.10.0-693.rt56.617.el7	kernel-rt-debug-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-debuginfo	0:3.10.0-693.rt56.617.el7	kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-devel	0:3.10.0-693.rt56.617.el7	kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-kvm	0:3.10.0-693.rt56.617.el7	kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debug-kvm-debuginfo	0:3.10.0-693.rt56.617.el7	kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debuginfo	0:3.10.0-693.rt56.617.el7	kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-debuginfo-common-x86_64	0:3.10.0-693.rt56.617.el7	kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	x86_64	kernel-rt-devel	0:3.10.0-693.rt56.617.el7	kernel-rt-devel-0:3.10.0-693.rt56.617.el7.x86_64.rpm
Red Hat Enterprise Linux	7	any	kernel-rt-doc	0:3.10.0-693.rt56.617.el7.noarch	kernel-rt-doc-0:3.10.0-693.rt56.617.el7.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-9604
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-9604
cve	www.cve.org/CVERecord

13 May 2026 01:43Current

7.2High risk

Vulners AI Score7.2

CVSS 22.1

CVSS 34.4

EPSS0.00261

session keyring root access keyring modification verification bypass