Date: Fri, 25 Nov 2016 10:25:20 +1100
From: Wade Mealing <>
Subject: Linux kernel: CVE-2016-8650 : Local denial of service with in key subsystem


A flaw was found in the Linux kernel key management subsystem in which
a local attacker could crash the kernel (denial of service) or corrupt
the stack and additional memory by supplying a specially crafted RSA
key.  This flaw panics the machine during the verification of the RSA
key and seems to do a 1 byte corruption of the stack.

This vulnerability can be triggered by any unprivileged user with a local
shell account.

Upstream fix:

Red Hat bug:
