[arch-security] [ASA-201601-26] linux-lts: privilege escalation
Arch Linux Security Advisory ASA-201601-26 ========================================== Severity: Critical Date : 2016-01-25 CVE-ID : CVE-2016-0728 Package : linux-lts Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package linux-lts before version 4.1.16-1 is vulnerable to local privilege escalation. Resolution ========== Upgrade to 4.1.16-1. # pacman -Syu "linux-lts>=4.1.16-1" The problem has been fixed upstream in version 4.1.16. Workaround ========== None. Description =========== It was reported that possible use-after-free vulnerability in keyring facility, possibly leading to local privilege escalation, was found. Function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being currently used by the process, the kernel wouldn't decrease keyring->usage before returning to userspace. The usage field can be possibly overflowed causing use-after-free on the keyring object. Impact ====== A local attacker is able to make use of this vulnerability to elevate privileges and gain root access to the underlying system. References ========== https://access.redhat.com/security/cve/CVE-2016-0728 http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-k... https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2... https://bugs.archlinux.org/task/47820
participants (1)
-
Levente Polyak