|Summary:||CVE-2015-8539 kernel: local privesc in key management|
|Product:||[Other] Security Response||Reporter:||Wade Mealing <wmealing>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||NEW ---||QA Contact:|
|Version:||unspecified||CC:||aquini, bhu, carnil, dhoward, dhowells, fhrbata, iboverma, jforbes, jkacur, jross, jwboyer, labbott, lgoncalv, matt, mcressma, nmurray, pholasek, plougher, rvrbovsk, security-response-team, vgoyal, vvs, williams|
|Fixed In Version:||Doc Type:||Bug Fix|
A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may be then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there.
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:||1284059, 1411618, 1411619, 1411620, 1411621, 1411622, 1411623, 1411624, 1466457|
Description Wade Mealing 2015-11-23 11:33:15 UTC
A flaw was found in the Linux kernels key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may be then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there. Key management subsystems can abused to escalate privileges through memory corruption. Upstream: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd
Comment 2 Wade Mealing 2015-12-09 00:57:32 UTC
Acknowledgment: Red Hat would like to thank Dmitry Vyukov of Google engineering for reporting this issue to Red Hat.
Comment 3 Adam Mariš 2015-12-14 13:53:59 UTC
CVE-2015-8539 was assigned: http://seclists.org/oss-sec/2015/q4/465
Comment 5 Wade Mealing 2017-01-10 06:15:18 UTC
Statement: This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5. This issue does affect the kernels shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels and plans to be addressed in a future update.
Comment 6 Wade Mealing 2017-01-10 06:28:12 UTC
Comment 10 Eric Christensen 2018-01-08 19:28:54 UTC
Comment 11 errata-xmlrpc 2018-01-25 11:25:20 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151
Comment 12 errata-xmlrpc 2018-01-25 11:29:47 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0152 https://access.redhat.com/errata/RHSA-2018:0152