Vulnerability Details : CVE-2016-8650
The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2016-8650
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-8650
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8650
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2016-8650
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8650
-
https://access.redhat.com/errata/RHSA-2017:0933
RHSA-2017:0933 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2018:1854
RHSA-2018:1854 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2017:0931
RHSA-2017:0931 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/94532
Linux Kernel CVE-2016-8650 Null Pointer Deference Local Denial of Service Vulnerability
-
https://bugzilla.redhat.com/show_bug.cgi?id=1395187
1395187 – (CVE-2016-8650) CVE-2016-8650 kernel: Null pointer dereference via keyctlIssue Tracking
-
http://seclists.org/fulldisclosure/2016/Nov/76
Full Disclosure: OS-S 2016-21 - Local DoS: Linux Kernel Nullpointer Dereference via keyctlMailing List
-
https://access.redhat.com/errata/RHSA-2017:0932
RHSA-2017:0932 - Security Advisory - Red Hat Customer Portal
-
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073
kernel/git/torvalds/linux.git - Linux kernel source treeIssue Tracking;Patch;Vendor Advisory
-
http://www.openwall.com/lists/oss-security/2016/11/24/8
oss-security - Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystemMailing List;Third Party Advisory
-
https://source.android.com/security/bulletin/2017-03-01.html
Android Security Bulletin—March 2017 | Android Open Source Project
-
https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073
mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] · torvalds/linux@f5527ff · GitHubIssue Tracking;Patch;Third Party Advisory
-
http://www.securitytracker.com/id/1037968
Android Multiple Flaws Let Users Deny Service, Obtain Potentially Sensitive Information, and Gain Elevated Privileges and Let Remote Users Execute Arbitrary Code - SecurityTracker
Jump to