Back to bug 1399519
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-11-29 09:08:18 UTC | Depends On | 1399522 | |
| Andrej Nemec | 2016-11-29 09:18:22 UTC | Blocks | 1399529 | |
| Slawomir Czarko | 2016-11-29 09:43:43 UTC | CC | slawomir | |
| Yasuhiro Ozone | 2016-12-08 07:32:12 UTC | CC | yozone | |
| Wade Mealing | 2016-12-21 01:52:57 UTC | CC | wmealing | |
| Wade Mealing | 2016-12-21 01:59:57 UTC | Whiteboard | impact=moderate,public=20160722,reported=20160722,source=oss-security,cvss2=4.7/AV:L/AC:M/Au:N/C:N/I:N/A:C,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-476,rhel-5/kernel=new,rhel-6/kernel=new,rhel-7/kernel=new,rhel-7/kernel-rt=new,mrg-2/realtime-kernel=new,rhelsa-7/arm-kernel=new,fedora-all/kernel=affected | impact=moderate,public=20160722,reported=20160722,source=oss-security,cvss2=4.7/AV:L/AC:M/Au:N/C:N/I:N/A:C,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,mrg-2/realtime-kernel=notaffected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
| Wade Mealing | 2016-12-21 02:25:07 UTC | Doc Text | The linux kernels implementation of "big key" management in security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. |
|
| Eric Christensen | 2016-12-21 19:07:05 UTC | Doc Text | The linux kernels implementation of "big key" management in security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. | The implementation of big key management in security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type. |
| Vladis Dronov | 2017-01-25 15:33:20 UTC | Status | NEW | CLOSED |
| CC | vdronov | |||
| Resolution | --- | NOTABUG | ||
| Last Closed | 2017-01-25 10:33:20 UTC | |||
| Product Security DevOps Team | 2019-09-29 14:00:54 UTC | Whiteboard | impact=moderate,public=20160722,reported=20160722,source=oss-security,cvss2=4.7/AV:L/AC:M/Au:N/C:N/I:N/A:C,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-476,rhel-5/kernel=notaffected,rhel-6/kernel=notaffected,rhel-7/kernel=notaffected,rhel-7/kernel-rt=notaffected,mrg-2/realtime-kernel=notaffected,rhelsa-7/arm-kernel=notaffected,fedora-all/kernel=affected |
Back to bug 1399519