Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 15 Jun 2016 16:29:50 +1000
From: Wade Mealing <>
Subject: CVE-2016-4470: Linux kernel Uninitialized variable in request_key
 handling user controlled kfree().


A flaw was found in the Linux kernels keyring handling code, where in
key_reject_and_link() there's an uninitialised variable that isn't set
by __key_link_begin() on the destination keyring if that function

If a destination keyring was supplied, then __key_link_end() is called
whether or not __key_link_begin() succeeded, with the result that the
edit pointers contains members which end up being freed.   These are
the user controlled addresses that can exist from previous memory


Wade Mealing
Product Security Team



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.