Lucene search

K
ubuntucveUbuntu.comUB:CVE-2016-8650
HistoryNov 27, 2016 - 12:00 a.m.

CVE-2016-8650

2016-11-2700:00:00
ubuntu.com
ubuntu.com
26
mpi_powm function
linux kernel
denial of service
add_key system call
rsa key

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through
4.8.11 does not ensure that memory is allocated for limb data, which allows
local users to cause a denial of service (stack memory corruption and
panic) via an add_key system call for an RSA key with a zero exponent.

Bugs

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlinux< 3.13.0-132.181UNKNOWN
ubuntu16.04noarchlinux< 4.4.0-62.83UNKNOWN
ubuntu16.10noarchlinux< 4.8.0-37.39UNKNOWN
ubuntu16.04noarchlinux-aws< 4.4.0-1003.12UNKNOWN
ubuntu16.04noarchlinux-hwe< 4.8.0-39.42~16.04.1UNKNOWN
ubuntu16.04noarchlinux-hwe-edge< 4.8.0-39.42~16.04.1UNKNOWN
ubuntu14.04noarchlinux-lts-xenial< 4.4.0-62.83~14.04.1UNKNOWN
ubuntu16.04noarchlinux-raspi2< 4.4.0-1042.49UNKNOWN
ubuntu16.10noarchlinux-raspi2< 4.8.0-1024.27UNKNOWN
ubuntu16.04noarchlinux-snapdragon< 4.4.0-1046.50UNKNOWN
Rows per page:
1-10 of 111

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

5.1%