Use after free vulnerability in Linux kernel keychain management (CVE-2016-0728)
Updated -
- Status
- Resolved
- Impact
- Important
Red Hat Product Security has been notified of a vulnerability rates as Important in severity and stems from the Linux kernel version 3.10 that shipped with Red Hat Enterprise Linux 7.
Background Information
-
An issue was reported that the kernel keyring facility was vulnerable to a possible use-after-free attack. Successful compromise could lead to local privilege escalation. The Function
join_sessioninsecurity/keys/process_keys.cholds a reference to the requested keyring, but if that keyring was the some one currently being processed, the kernel would not descrease keyring usage before returning to userspace. The usage field could possibly be overflowed, causing use-afer-free on the keyring object. - The exploit is documented: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/ .
- This issue is being managed through CVE-2016-0728 .
- This issue is documented in KB 2131021 .
- Direct exploitation of this issue requires a skilled attacker with local access.
An attack could allow execution of arbitrary code and potential escaltion of privileges by a skilled attacker.
The following versions of Red Hat Products are impacted:
- Red Hat Enterprise Linux 7 running kernel 3.10
This issue does not affect the Linux kernels shipped with Red Hat Enterprise Linux 5 or 6.
Take Action
Red Hat Security Advisories have been issued for this vulnerability. The links to the patches can be found below.
A Systemtap script is available, by request, to mitigate this issue. Please open a Support Case through the REd HAt customer portal or by phone to gain access to it.
Detailed Impact Information
| Product | Package | Advisory/Update |
|---|---|---|
| Red Hat Enterprise Linux 7 | kernel | RHSA-2016:0064 |
| Red Hat Enterprise Linux 7 | kernel-rt | RHSA-2016:0065 |
| Red Hat Enterprise MRG 2 | kernel-rt | RHSA-2016:0068 |
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
3 Comments
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Current Customers and Partners
Log in for full access
Log InNew to Red Hat?
Learn more about Red Hat subscriptions
Do we have a tentative date of this fix ?
RHEL7 patches are out now.
What kernel level do we need to be at for the bug to be resolved? I might be at it already but not sure.