Back to bug 1389433
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-10-27 14:59:22 UTC | CC | security-response-team | |
| Adam Mariš | 2016-10-27 15:00:01 UTC | Depends On | 1389309 | |
| Adam Mariš | 2016-10-27 15:00:37 UTC | CC | dhowells | |
| Adam Mariš | 2016-10-27 15:04:02 UTC | Blocks | 1389436 | |
| Vladis Dronov | 2016-12-08 12:53:44 UTC | CC | vdronov | |
| Adam Mariš | 2017-03-13 12:31:25 UTC | Summary | EMBARGOED kernel: Bypassing module verification using KEYCTL_JOIN_SESSION_KEYRING | EMBARGOED CVE-2016-9604 kernel: Bypassing module verification using KEYCTL_JOIN_SESSION_KEYRING |
| | | Alias | CVE-2016-9604 | |
| | | Whiteboard | impact=low,public=no,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,mrg-2/realtime-kernel=new,rhelsa-7/arm-kernel=new,fedora-all/kernel=affected | impact=low,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,mrg-2/realtime-kernel=new,rhelsa-7/arm-kernel=new,fedora-all/kernel=affected |
| Vladis Dronov | 2017-04-07 15:09:10 UTC | Summary | EMBARGOED CVE-2016-9604 kernel: Bypassing module verification using KEYCTL_JOIN_SESSION_KEYRING | EMBARGOED CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user |
| Vladis Dronov | 2017-04-07 15:15:55 UTC | Whiteboard | impact=low,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,mrg-2/realtime-kernel=new,rhelsa-7/arm-kernel=new,fedora-all/kernel=affected | impact=low,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected |
| Vladis Dronov | 2017-04-07 15:16:46 UTC | Whiteboard | impact=low,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/arm-kernel=affected,fedora-all/kernel=affected | impact=low,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected |
| Vladis Dronov | 2017-04-07 15:17:05 UTC | Depends On | 1440220 | |
| Vladis Dronov | 2017-04-07 15:20:23 UTC | Depends On | 1440223 | |
| Vladis Dronov | 2017-04-07 15:20:32 UTC | Depends On | 1440224 | |
| Vladis Dronov | 2017-04-07 15:23:05 UTC | Doc Text | It was found that it is possible for root to gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. | |
| Eric Christensen | 2017-04-10 13:13:44 UTC | Doc Text | It was found that it is possible for root to gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. | It was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring. |
| Petr Matousek | 2017-04-28 08:12:35 UTC | CC | pmatouse | |
| Vladis Dronov | 2017-04-28 10:55:59 UTC | Whiteboard | impact=low,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected | impact=low,public=20170418,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected |
| Vladis Dronov | 2017-04-28 11:00:02 UTC | Whiteboard | impact=low,public=20170418,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected | impact=low,public=20170418,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected |
| Vladis Dronov | 2017-04-28 11:03:23 UTC | Doc Type | If docs needed, set a value | Bug Fix |
| Vladis Dronov | 2017-04-28 11:05:45 UTC | Summary | EMBARGOED CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user | CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user |
| Vladis Dronov | 2017-04-28 11:05:54 UTC | Group | security, qe_staff | |
| Vladis Dronov | 2017-04-28 11:06:15 UTC | Depends On | 1446566 | |
| Vladis Dronov | 2017-04-28 11:10:32 UTC | Depends On | 1446569 | |
| Vladis Dronov | 2017-04-28 11:21:15 UTC | Whiteboard | impact=low,public=20170418,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected | impact=low,public=20170418,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-732,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected |
| Jon Masters | 2017-05-08 03:58:47 UTC | CC | jcm | |
| PnT Account Manager | 2018-02-07 23:19:46 UTC | CC | agordeev | |
| Sam Fowler | 2018-07-11 03:43:03 UTC | Fixed In Version | kernel 4.11-rc8 | |
| PnT Account Manager | 2018-07-19 06:21:21 UTC | CC | mguzik | |
| PnT Account Manager | 2018-08-28 22:09:13 UTC | CC | lwang | |
| Eric Sammons | 2019-02-08 15:02:43 UTC | CC | esammons | |
| Product Security DevOps Team | 2019-06-08 03:01:26 UTC | Status | NEW | CLOSED |
| | | Resolution | --- | ERRATA |
| | | Last Closed | 2019-06-08 03:01:26 UTC | |
| Product Security DevOps Team | 2019-09-29 13:59:56 UTC | Whiteboard | impact=low,public=20170418,reported=20161027,source=redhat,cvss2=1.2/AV:L/AC:H/Au:N/C:N/I:P/A:N,cvss3=4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N,cwe=CWE-732,rhel-5/kernel=notaffected,rhel-6/kernel=affected,rhel-7/kernel=affected,rhel-7/kernel-rt=affected,mrg-2/realtime-kernel=affected,rhelsa-7/kernel-pegas=affected,fedora-all/kernel=affected | |