Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 19 Jan 2016 06:58:38 -0500 (EST)
From: Wade Mealing <>
To: OSS Security List <>
Subject: Linux kernel: use after free in keyring facility.


It was reported that possible use-after-free vulnerability in keyring facility, possibly leading to local privilege escalation was found. The function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one being currently used by the process, the kernel wouldn't decrease keyring->usage before returning to userspace. The usage field can be overflowed causing use-after-free on the keyring object.

This was introduced in commit 3a50597de8635cd05133bd12c95681c82fe7b878.

Perception point reported this vulnerability to Red Hat and it has been assigned CVE-2016_0728.  

Red Hat Bugzilla flaw:


Patches will be available shortly with the upstream fix and are also explained in the investigation link above.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ