Arch Linux Security Advisory ASA-201601-20 ========================================== Severity: Critical Date : 2016-01-20 CVE-ID : CVE-2016-0728 Package : linux Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package linux before version 4.3.3-3 is vulnerable to local privilege escalation. Resolution ========== Upgrade to 4.3.3-3. # pacman -Syu "linux>=4.3.3-3" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== It was reported that possible use-after-free vulnerability in keyring facility, possibly leading to local privilege escalation, was found. Function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being currently used by the process, the kernel wouldn't decrease keyring->usage before returning to userspace. The usage field can be possibly overflowed causing use-after-free on the keyring object. Impact ====== A local attacker is able to make use of this vulnerability to elevate privileges and gain root access to the underlying system. References ========== https://access.redhat.com/security/cve/CVE-2016-0728 http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-k... https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2... https://bugs.archlinux.org/task/47820