Bug 1284450 - (CVE-2015-8539) CVE-2015-8539 kernel: local privesc in key management
CVE-2015-8539 kernel: local privesc in key management
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20151209,repo...
: Security
Depends On: 1411618 1411621 1411622 1411623 1411624 1466457 1284059 1411619 1411620
Blocks: 1284354
  Show dependency treegraph
 
Reported: 2015-11-23 06:33 EST by Wade Mealing
Modified: 2017-06-30 04:31 EDT (History)
27 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A flaw was found in the Linux kernels key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may be then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Wade Mealing 2015-11-23 06:33:15 EST
A flaw was found in  the Linux kernels key management
system where it was possible for an attacker to escalate privileges
or crash the machine.  

If a user key gets negatively instantiated, an error code is cached in the
payload area.  A negatively instantiated key may be then be positively
instantiated by updating it with valid data.  However, the ->update key
type method must be aware that the error code may be there.

Key management subsystems can abused to escalate privileges through memory corruption.

Upstream:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd
Comment 2 Wade Mealing 2015-12-08 19:57:32 EST
Acknowledgment:

Red Hat would like to thank Dmitry Vyukov of Google engineering for reporting this issue to Red Hat.
Comment 3 Adam Mariš 2015-12-14 08:53:59 EST
CVE-2015-8539 was assigned:

http://seclists.org/oss-sec/2015/q4/465
Comment 5 Wade Mealing 2017-01-10 01:15:18 EST
Statement:

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.  This issue does affect the kernels shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels and plans to be addressed in a future update.

Note You need to log in before you can comment on or make changes to this bug.