Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2016-0728

Disclosure Date: February 08, 2016
CVE-2016-0728 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • google,
  • hp,
  • linux

Products

  • android 4.0,
  • android 4.0.1,
  • android 4.0.2,
  • android 4.0.3,
  • android 4.0.4,
  • android 4.1,
  • android 4.1.2,
  • android 4.2,
  • android 4.2.1,
  • android 4.2.2,
  • android 4.3,
  • android 4.3.1,
  • android 4.4,
  • android 4.4.1,
  • android 4.4.2,
  • android 4.4.3,
  • android 5.0,
  • android 5.0.1,
  • android 5.0.2,
  • android 5.1,
  • android 5.1.0,
  • android 5.1.1,
  • android 6.0,
  • android 6.0.1,
  • debian linux 8.0,
  • linux kernel,
  • server migration pack,
  • ubuntu linux 12.04,
  • ubuntu linux 14.04,
  • ubuntu linux 15.04,
  • ubuntu linux 15.10

References

Canonical
CVE-2016-0728 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0728)
BID-81054 (http://www.securityfocus.com/bid/81054)
Advisory
SECTRACK-1034701 (http://www.securitytracker.com/id/1034701)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html
USN-2871-1 (http://www.ubuntu.com/usn/USN-2871-1)
http://rhn.redhat.com/errata/RHSA-2016-0068.html
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html
USN-2870-2 (http://www.ubuntu.com/usn/USN-2870-2)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html
USN-2872-3 (http://www.ubuntu.com/usn/USN-2872-3)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html
USN-2872-1 (http://www.ubuntu.com/usn/USN-2872-1)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html
USN-2871-2 (http://www.ubuntu.com/usn/USN-2871-2)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
EXPLOIT-DB-39277 (https://www.exploit-db.com/exploits/39277)
FEDORA-2016-b59fd603be (http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html)
http://source.android.com/security/bulletin/2016-03-01.html
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html
https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
USN-2873-1 (http://www.ubuntu.com/usn/USN-2873-1)
https://bugzilla.redhat.com/show_bug.cgi?id=1297475
FEDORA-2016-5d43766e33 (http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html
http://rhn.redhat.com/errata/RHSA-2016-0065.html
USN-2870-1 (http://www.ubuntu.com/usn/USN-2870-1)
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html
https://bto.bluecoat.com/security-advisory/sa112
USN-2872-2 (http://www.ubuntu.com/usn/USN-2872-2)
DSA-3448 (http://www.debian.org/security/2016/dsa-3448)
https://security.netapp.com/advisory/ntap-20160211-0001
http://rhn.redhat.com/errata/RHSA-2016-0064.html
HPSBHF03436 (https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265)
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html
[oss-security] 20160119 Linux kernel: use after free in keyring facility. (http://www.openwall.com/lists/oss-security/2016/01/19/2)
Miscellaneous
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
https://access.redhat.com/errata/RHSA-2016:0064
https://access.redhat.com/errata/RHSA-2016:0065
https://access.redhat.com/errata/RHSA-2016:0068
https://access.redhat.com/errata/RHSA-2016:0103
https://access.redhat.com/node/2131021
https://access.redhat.com/security/cve/CVE-2016-0728
https://security.netapp.com/advisory/ntap-20160211-0001/
https://www.exploit-db.com/exploits/39277/

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis