PT-2016-1105 · Linux+5 · Linux Kernel+5

Yevgeny Pats

·

Published

2016-01-19

·

Updated

2025-09-29

·

CVE-2016-0728

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.4.1
Description The issue is related to the join session keyring function in the Linux kernel, which mishandles object references in a certain error case. This can be exploited by local users to gain privileges or cause a denial of service, including integer overflow and use-after-free, via crafted keyctl commands. The vulnerability allows a local attacker to potentially execute arbitrary code on the target system.
Recommendations For Linux kernel versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the keyctl command to minimize the risk of exploitation.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2025_16880
ALT-PU-2016-1040
ALT-PU-2016-1042
ALT-PU-2016-1043
ALT-PU-2016-1052
ALT-PU-2016-1075
ALT-PU-2018-1465
BDU:2016-00187
CESA-2016_0064
CVE-2016-0728
DSA-3448-1
ELSA-2016-0064
ELSA-2016-3509
ELSA-2016-3510
MGASA-2016-0031
MGASA-2016-0032
MGASA-2016-0033
OPENSUSE-SU-2016_0280-1
OPENSUSE-SU-2016_0301-1
OPENSUSE-SU-2016_0318-1
OPENSUSE-SU-2024:10128-1
RHSA-2016:0064
RHSA-2016:0065
RHSA-2016:0068
RHSA-2016:0103
RHSA-2016_0064
RHSA-2016_0065
SUSE-SU-2016:0186-1
SUSE-SU-2016:0205-1
SUSE-SU-2016:0341-1
SUSE-SU-2016:0745-1
SUSE-SU-2016:0746-1
SUSE-SU-2016:0747-1
SUSE-SU-2016:0750-1
SUSE-SU-2016:0751-1
SUSE-SU-2016:0752-1
SUSE-SU-2016:0753-1
SUSE-SU-2016:0755-1
SUSE-SU-2016:0756-1
SUSE-SU-2016:0757-1
SUSE-SU-2016_0186-1
SUSE-SU-2016_0205-1
USN-2870-1
USN-2870-2
USN-2871-1
USN-2871-2
USN-2872-1
USN-2872-2
USN-2872-3
USN-2873-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu