The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-609-1 | linux security update |
![]() |
DSA-3607-1 | linux security update |
![]() |
EUVD-2016-5457 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. |
![]() |
USN-3049-1 | Linux kernel vulnerabilities |
![]() |
USN-3050-1 | Linux kernel (OMAP4) vulnerabilities |
![]() |
USN-3051-1 | Linux kernel (Trusty HWE) vulnerabilities |
![]() |
USN-3052-1 | Linux kernel vulnerabilities |
![]() |
USN-3053-1 | Linux kernel (Vivid HWE) vulnerabilities |
![]() |
USN-3054-1 | Linux kernel (Xenial HWE) vulnerabilities |
![]() |
USN-3055-1 | Linux kernel vulnerabilities |
![]() |
USN-3056-1 | Linux kernel (Raspberry Pi 2) vulnerabilities |
![]() |
USN-3057-1 | Linux kernel (Qualcomm Snapdragon) vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-08-06T00:32:25.328Z
Reserved: 2016-05-02T00:00:00
Link: CVE-2016-4470

No data.

Status : Deferred
Published: 2016-06-27T10:59:08.720
Modified: 2025-04-12T10:46:40.837
Link: CVE-2016-4470


No data.