2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
0.0005 Low
EPSS
Percentile
15.6%
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel
through 4.2.6 allows local users to cause a denial of service (OOPS) via
crafted keyctl commands.
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
kamal | Per the oss-security discussion and the authorβs commit notes, 911b79cde is not actually a security issue, so removed its break-fix. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | <Β 3.2.0-96.136 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | <Β 3.13.0-70.113 | UNKNOWN |
ubuntu | 15.04 | noarch | linux | <Β 3.19.0-37.42 | UNKNOWN |
ubuntu | 15.10 | noarch | linux | <Β 4.2.0-21.25 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | <Β 3.2.0-1660.84 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | <Β 3.13.0-71.114~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | <Β 3.16.0-55.74~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | <Β 3.19.0-37.42~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-wily | <Β 4.2.0-21.25~14.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | linux-raspi2 | <Β 4.2.0-1016.23 | UNKNOWN |
www.openwall.com/lists/oss-security/2015/10/20/5
bugzilla.redhat.com/show_bug.cgi?id=1272371
launchpad.net/bugs/cve/CVE-2015-7872
nvd.nist.gov/vuln/detail/CVE-2015-7872
security-tracker.debian.org/tracker/CVE-2015-7872
ubuntu.com/security/notices/USN-2823-1
ubuntu.com/security/notices/USN-2824-1
ubuntu.com/security/notices/USN-2826-1
ubuntu.com/security/notices/USN-2829-1
ubuntu.com/security/notices/USN-2829-2
ubuntu.com/security/notices/USN-2840-1
ubuntu.com/security/notices/USN-2840-2
ubuntu.com/security/notices/USN-2843-1
ubuntu.com/security/notices/USN-2843-2
ubuntu.com/security/notices/USN-2843-3
www.cve.org/CVERecord?id=CVE-2015-7872