Google Android Vulnerability: CVE-2016-0728
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | 2016-02-07 | 2016-04-18 | 2023-02-14 |
Description
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Solution
google-android-upgrade-latest
References
- BID-81054
- CVE-2016-0728
- https://attackerkb.com/topics/CVE-2016-0728
- DEBIAN-DSA-3448
- REDHAT-RHSA-2016:0064
- REDHAT-RHSA-2016:0065
- REDHAT-RHSA-2016:0068
- URL-http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
- URL-http://source.android.com/security/bulletin/2016-03-01.html
- URL-http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
