Use-after-free vulnerability in keyring facility (CVE-2016-0728)
This document (7017169) is provided subject to the disclaimer at the end of this document.
SUSE Linux Enterprise Server 12 (SLES 12)
This "use-after-free" vulnerability in the keyring facility can possibly lead to a local privilege escalation.
The function join_session_keyring in security/keys/process_keys.c holds a reference to the requested keyring, but if that keyring is the same as the one currently used by the process, the kernel does not decrease keyring->usage before returning to userspace.
The usage field can possibly be overflowed, causing a use-after-free on the keyring object.
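The reference leak described above, as an added example that is not part of the original SUSE document or the kernel source: a simplified userspace C model in which every name (`model_keyring`, `model_join_flawed`, `model_join_fixed`, `model_usage_after`) is hypothetical. It shows the count drifting upward by one per call on the flawed path and staying equal to the number of real holders once the same-keyring exit releases its reference.

```c
/* Simplified userspace model; all names are hypothetical, not kernel source. */
#include <stdint.h>
#include <stdio.h>

struct model_keyring { uint32_t usage; };

/* A lookup hands the caller the keyring with one extra reference held. */
static struct model_keyring *model_lookup(struct model_keyring *k) { k->usage++; return k; }

static void model_put(struct model_keyring *k) { k->usage--; }

/* Flawed path: if the requested keyring is already the session keyring,
 * return without releasing the reference the lookup took. */
static void model_join_flawed(struct model_keyring **session, struct model_keyring *req)
{
    struct model_keyring *k = model_lookup(req);
    if (k == *session)
        return;                 /* one reference leaked per call */
    model_put(*session);        /* release the previous session keyring */
    *session = k;               /* lookup reference is now owned by the session */
}

/* Corrected path: the same-keyring exit releases the lookup reference. */
static void model_join_fixed(struct model_keyring **session, struct model_keyring *req)
{
    struct model_keyring *k = model_lookup(req);
    if (k == *session) {
        model_put(k);
        return;
    }
    model_put(*session);
    *session = k;
}

/* Count left on a keyring with exactly one real holder after n repeated joins. */
uint32_t model_usage_after(int fixed, unsigned n)
{
    struct model_keyring kr = { 1 };    /* constructed sample: one holder */
    struct model_keyring *session = &kr;
    void (*join)(struct model_keyring **, struct model_keyring *) =
        fixed ? model_join_fixed : model_join_flawed;
    for (unsigned i = 0; i < n; i++)
        join(&session, &kr);
    return kr.usage;
}

int main(void)
{
    printf("flawed: %u  fixed: %u\n",
           (unsigned)model_usage_after(0, 1000), (unsigned)model_usage_after(1, 1000));
    return 0;
}
```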
SLES 12 SP1:
- SUSE has released a patch on 20th of January 2016
- kernel version 3.12.51-60.25.1
- SUSE has released a patch on 22nd of January 2016
- kernel version 3.12.51-52.39.1
To resolve the problem, install the kernel patch listed above.
- Document ID: 7017169
- Creation Date: 20-Jan-2016
- Modified Date: 03-Mar-2020
- SUSE Linux Enterprise Server