CVE-2016-0728

Published: Feb 8, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.

Affected (38)

Products: Google: Android · Hp: Server Migration Pack · Linux: Linux Kernel · +2 more

Show all products

Google: Android · Hp: Server Migration Pack · Linux: Linux Kernel · Debian: Debian Linux · Canonical: Ubuntu Linux

Google

1 product

Android

1 product

Server Migration Pack

1 product

1 product

1 product

Configuration A

24 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 4.0.1
Google Android	Version 4.0.2
Google Android	Version 4.0.3
Google Android	Version 4.0.4
Google Android	Version 4.0
Google Android	Version 4.1.2
Google Android	Version 4.1
Google Android	Version 4.2.1
Google Android	Version 4.2.2
Google Android	Version 4.2
Google Android	Version 4.3.1
Google Android	Version 4.3
Google Android	Version 4.4.1
Google Android	Version 4.4.2
Google Android	Version 4.4.3
Google Android	Version 4.4
Google Android	Version 5.0.1
Google Android	Version 5.0.2
Google Android	Version 5.0
Google Android	Version 5.1.0
Google Android	Version 5.1.1
Google Android	Version 5.1
Google Android	Version 6.0.1
Google Android	Version 6.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Hp Server Migration Pack	Up to 7.5

Configuration C

8 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.11 to 3.12.53
Linux Linux Kernel	From 3.13 to 3.14.59
Linux Linux Kernel	From 3.15 to 3.16.35
Linux Linux Kernel	From 3.17 to 3.18.26
Linux Linux Kernel	From 3.19 to 4.1.16
Linux Linux Kernel	From 3.8 to 3.10.95
Linux Linux Kernel	From 4.2 to 4.3.4
Linux Linux Kernel	From 4.4 to 4.4.1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.04
Canonical Ubuntu Linux	Version 15.10

References (84)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2

Source: secalert@redhat.com

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176484.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176194.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00026.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00012.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00033.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00034.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00035.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00038.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00041.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00044.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00045.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0064.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0065.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2016-0068.html

Source: secalert@redhat.com

Third Party Advisory

http://source.android.com/security/bulletin/2016-03-01.html

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2016/dsa-3448

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.1

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/01/19/2

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/bid/81054

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1034701

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2870-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2870-2

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2871-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2871-2

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2872-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2872-2

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2872-3

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/USN-2873-1

Source: secalert@redhat.com

Third Party Advisory

https://bto.bluecoat.com/security-advisory/sa112

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1297475

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2

Source: secalert@redhat.com

Third Party Advisory

https://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05018265

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05130958

Source: secalert@redhat.com

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

Source: secalert@redhat.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20160211-0001/

Source: secalert@redhat.com

Third Party Advisory

https://www.exploit-db.com/exploits/39277/

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23567fd052a9abb6d67fe8e7a9ccdd9800a540f2