Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000921)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000921 advisory. It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002801)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002801 advisory. It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001790 advisory. The copycreds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002123)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002123 advisory. The copycreds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users...

EUVD-2012-2725

Malware in sbrugna...

EUVD-2005-2099

Malware in sbrugna...

SUSE CVE-2005-2098

The KEYCTLJOINSESSIONKEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service semaphore hang via a new session keyring 1 with an empty nam...

SUSE CVE-2009-0031

Memory leak in the keyctljoinsessionkeyring function security/keys/keyctl.c in Linux kernel 2.6.29-rc2 and earlier allows local users to cause a denial of service kernel memory consumption via unknown vectors related to a "missing kfree."...

SUSE CVE-2012-2745

The copycreds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service panic via a crafted application that uses the fork system call...

SUSE CVE-2016-9604

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...

DEBIAN-CVE-2016-9604

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...

kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user

It was discovered that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyri...

kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user

It was discovered that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyri...

kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user

It was discovered that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyri...

UBUNTU-CVE-2016-9604

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dnsresolver' in RHEL-7 or '.builtintrustedkeys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public...

VulnCheck KEV: CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

DEBIAN-CVE-2016-0728

The joinsessionkeyring function in security/keys/processkeys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service integer overflow and use-after-free via crafted keyctl commands...

openSUSE: Security Advisory for kernel (openSUSE-SU-2016:0318-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kernel: Possible use-after-free vulnerability in keyring facility

A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the joinsessionkeyring function. A local, unprivileged user could use this flaw to escalate their privileges on the system...

Security update for the Linux Kernel (important)

The Linux kernel for openSUSE Leap 42.1 was updated to the 4.1.15 stable release, and also includes security and bugfixes. Following security bugs were fixed: - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc96207...