Back to bug 1297475

Who When What Removed Added
Adam Mariš 2016-01-11 15:42:09 UTC CC security-response-team
Red Hat Bugzilla 2016-01-11 15:42:09 UTC Doc Type --- Bug Fix
Adam Mariš 2016-01-11 15:50:48 UTC Blocks 1297482
Adam Mariš 2016-01-11 15:51:28 UTC Depends On 1296623
Kurt Seifried 2016-01-11 16:50:32 UTC Alias CVE-2016-0728
Kurt Seifried 2016-01-11 16:50:40 UTC Summary EMBARGOED kernel: Possible use-after-free vulnerability in keyring facility EMBARGOED CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility
Wade Mealing 2016-01-13 04:25:54 UTC Whiteboard impact=moderate,public=no,reported=20160107,source=researcher,cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-416,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,rhel-7/kernel-aarch64=new,rhelsa-7.1/kernel=new,mrg-2/kernel=new,fedora-all/kernel=affected impact=moderate,public=no,reported=20160107,source=researcher,cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-416,fedora-all/kernel=affected,rhel-4/kernel=notaffected,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,rhelsa-7/kernel-biscayne=affected,mrg-2/realtime-kernel=affected
Wade Mealing 2016-01-13 04:26:10 UTC CC blc, mlangsdo
Wade Mealing 2016-01-13 04:28:46 UTC Depends On 1298035
Wade Mealing 2016-01-13 04:35:09 UTC Depends On 1298036
Wade Mealing 2016-01-13 04:35:22 UTC Depends On 1298037
Wade Mealing 2016-01-13 04:35:32 UTC Depends On 1298038
Wade Mealing 2016-01-13 04:35:39 UTC Depends On 1298039
Wade Mealing 2016-01-13 04:35:49 UTC Depends On 1298040
Wade Mealing 2016-01-13 07:14:22 UTC Whiteboard impact=moderate,public=no,reported=20160107,source=researcher,cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,cwe=CWE-416,fedora-all/kernel=affected,rhel-4/kernel=notaffected,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,rhelsa-7/kernel-biscayne=affected,mrg-2/realtime-kernel=affected impact=moderate,public=no,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-4/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-5/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-6/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel-rt=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhelsa-7/kernel-biscayne=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,mrg-2/realtime-kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P
Wade Mealing 2016-01-14 04:09:39 UTC CC dhowells, wmealing
Wade Mealing 2016-01-14 06:55:02 UTC Whiteboard impact=moderate,public=no,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-4/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-5/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-6/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel-rt=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhelsa-7/kernel-biscayne=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,mrg-2/realtime-kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P impact=important,public=no,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-4/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-5/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-6/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel-rt=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhelsa-7/kernel-biscayne=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,mrg-2/realtime-kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P
Wade Mealing 2016-01-14 07:00:46 UTC Doc Text A use-after-free vulnerability in the kernel keyring facility, possibly leading to local privilege escalation, was found. The usage field can be possibly overflowed causing use-after-free on the keyring object.
Wade Mealing 2016-01-15 02:46:34 UTC Comment 6 is private 1 0
Petr Matousek 2016-01-15 12:25:56 UTC Priority medium high
CC pmatouse
Severity medium high
Petr Matousek 2016-01-15 12:33:35 UTC Depends On 1298931
Wade Mealing 2016-01-18 02:12:32 UTC CC fche
Wade Mealing 2016-01-19 11:56:46 UTC Whiteboard impact=important,public=no,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-4/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-5/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-6/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel-rt=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhelsa-7/kernel-biscayne=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,mrg-2/realtime-kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P impact=important,public=20160119,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-4/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-5/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-6/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel-rt=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhelsa-7/kernel-biscayne=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,mrg-2/realtime-kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P
Wade Mealing 2016-01-19 11:57:02 UTC Summary EMBARGOED CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility CVE-2016-0728 kernel: Possible use-after-free vulnerability in keyring facility
Wade Mealing 2016-01-19 11:57:11 UTC Group security, qe_staff
Wade Mealing 2016-01-19 12:13:51 UTC Whiteboard impact=important,public=20160119,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-4/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-5/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-6/kernel=notaffected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhel-7/kernel-rt=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,rhelsa-7/kernel-biscayne=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P,mrg-2/realtime-kernel=affected/cvss2=4.1/AV:L/AC:M/Au:S/C:P/I:P/A:P impact=important,public=20160119,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected,rhel-4/kernel=notaffected,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,rhelsa-7/kernel-biscayne=affected,mrg-2/realtime-kernel=affected
Arkadiusz Miskiewicz 2016-01-19 14:43:51 UTC CC arekm
Pat Riehecky 2016-01-19 14:58:34 UTC CC riehecky
Alwin 2016-01-19 16:01:48 UTC CC alwin.warringa
Brian Likosar 2016-01-19 16:37:16 UTC CC liko
Tru Huynh 2016-01-19 18:48:57 UTC CC tru
Eric Eisenhart 2016-01-19 20:58:28 UTC CC eric.eisenhart
Sam Yangsao 2016-01-19 22:19:18 UTC CC syangsao
Jared Smith 2016-01-19 22:55:42 UTC CC jsmith.fedora
Arkadiusz Miskiewicz 2016-01-19 23:02:00 UTC CC arekm
Jay Shin 2016-01-20 01:12:41 UTC CC jaeshin
Link ID Red Hat Knowledge Base (Solution) 2130791
Robin Edser 2016-01-20 04:29:39 UTC CC robine
Trond Hagen 2016-01-20 05:31:05 UTC CC trond
Ahmed Nazmy 2016-01-20 07:10:37 UTC CC anazmy
Slawomir Czarko 2016-01-20 07:34:29 UTC CC slawomir
Leon 2016-01-20 08:59:59 UTC CC leon
Paul Dwyer 2016-01-20 09:12:23 UTC CC pdwyer
marcvw 2016-01-20 10:04:20 UTC CC marcvanwageningen
Ganesh 2016-01-20 10:40:15 UTC CC gnaik
Mario Rosic 2016-01-20 13:23:37 UTC CC bugs
Greg Bailey 2016-01-20 13:43:09 UTC CC gbailey
Stephen Colebrook 2016-01-20 13:44:13 UTC CC scolebrook
Vadym Chepkov 2016-01-20 13:51:03 UTC CC vchepkov
Patrick Hurrelmann 2016-01-20 14:04:57 UTC CC emilovanov
CC patrick.hurrelmann
James Eckersall 2016-01-20 14:45:38 UTC CC james.eckersall
Ron van der Wees 2016-01-20 14:48:27 UTC CC rvdwees
Pim Rupert 2016-01-20 15:09:31 UTC CC pim
Fabian Deutsch 2016-01-20 15:39:42 UTC CC fdeutsch
Rodrigo A B Freire 2016-01-20 17:51:07 UTC CC rfreire
Steve Watt 2016-01-20 18:32:10 UTC CC swat
Dylan Gross 2016-01-20 18:56:56 UTC CC dgross
Marcin Zajaczkowski 2016-01-20 23:46:04 UTC CC mszpak
Didier Fabert (tartare) 2016-01-21 07:35:39 UTC CC didier.fabert
Timm Stamer 2016-01-21 07:54:31 UTC CC timm2k
Robin Cernin 2016-01-21 15:31:27 UTC CC gagriogi
CC rcernin
Cole Towsley 2016-01-21 16:31:39 UTC CC ctowsley
Marc Milgram 2016-01-21 18:22:22 UTC CC mmilgram
Jonathan Moore 2016-01-21 21:03:37 UTC CC jonathan.moore
Naftuli Tzvi Kay 2016-01-22 00:28:11 UTC CC rfkrocktk
Summer Long 2016-01-22 01:30:59 UTC CC slong
Doc Text A use-after-free vulnerability in the kernel keyring facility, possibly leading to local privilege escalation, was found. The usage field can be possibly overflowed causing use-after-free on the keyring object. A use-after-free vulnerability was discovered in the kernel's keyring facility, possibly leading to local privilege escalation. The usage field can possibly overflow, causing a use-after-free error on the keyring object. The flaw could allow a skilled attacker to execute arbitrary code and also be used to escalate their privileges on the system. The attacker must be able to run custom code on the account; in the most common configuration, this requires them to have a login and shell account on the target system.
Alex Strachan 2016-01-22 04:59:29 UTC CC alexander.strachan
James Hartsock 2016-01-22 20:20:17 UTC CC hartsjc
Tadej Janež 2016-01-23 14:43:31 UTC CC tadej.j
liuwei 2016-01-25 01:50:04 UTC CC wliu
Jay Shin 2016-01-25 01:52:14 UTC Link ID Red Hat Knowledge Base (Article) 2131021
Muhammad Azhar Shaikh 2016-01-25 05:07:41 UTC CC mdshaikh
Rik Theys 2016-01-25 09:08:39 UTC CC rik.theys
Martin Prpič 2016-01-25 13:14:24 UTC Doc Text A use-after-free vulnerability was discovered in the kernel's keyring facility, possibly leading to local privilege escalation. The usage field can possibly overflow, causing a use-after-free error on the keyring object. The flaw could allow a skilled attacker to execute arbitrary code and also be used to escalate their privileges on the system. The attacker must be able to run custom code on the account; in the most common configuration, this requires them to have a login and shell account on the target system. A use-after-free flaw was found in the way the Linux kernel's key management subsystem handled keyring object reference counting in certain error path of the join_session_keyring() function. A local, unprivileged user could use this flaw to escalate their privileges on the system.
Petr Matousek 2016-01-25 14:38:10 UTC Whiteboard impact=important,public=20160119,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected,rhel-4/kernel=notaffected,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,rhelsa-7/kernel-biscayne=affected,mrg-2/realtime-kernel=affected impact=important,public=20160119,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected,rhel-4/kernel=notaffected,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,rhelsa-7/arm-kernel=affected,mrg-2/realtime-kernel=affected
Naftuli Tzvi Kay 2016-01-25 19:34:55 UTC CC rfkrocktk
Yasuhiro Ozone 2016-01-26 09:48:52 UTC CC yozone
Trond Hagen 2016-01-26 10:24:56 UTC CC trond
Moritz Baumann 2016-01-26 10:28:44 UTC CC baumanmo
Trond H. Amundsen 2016-01-27 13:31:50 UTC CC t.h.amundsen
Alan Bartlett 2016-01-27 22:35:03 UTC CC ajb, toracat
Hanns-Joachim Uhl 2016-01-28 12:15:55 UTC CC hannsj_uhl
Maurizio Schena 2016-01-29 08:49:52 UTC CC mschena
Rodrigo A B Freire 2016-01-29 11:18:16 UTC CC rfreire
Petr Matousek 2016-01-29 13:49:29 UTC Status NEW CLOSED
Resolution --- ERRATA
Last Closed 2016-01-29 08:49:29 UTC
Mario Rosic 2016-01-29 14:43:28 UTC CC bugs
Robin Edser 2016-02-01 06:28:04 UTC CC robine
Product Security DevOps Team 2019-09-29 13:41:49 UTC Whiteboard impact=important,public=20160119,reported=20160107,source=researcher,cvss2=7.2/AV:L/AC:L/Au:N/C:C/I:C/A:C,cwe=CWE-416,fedora-all/kernel=affected,rhel-4/kernel=notaffected,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,rhelsa-7/arm-kernel=affected,mrg-2/realtime-kernel=affected
