Bug 1284450 - (CVE-2015-8539) CVE-2015-8539 kernel: local privesc in key management
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
impact=important,public=20151209,repo...
Keywords: Security
Depends On: 1284059 1411618 1411619 1411620 1411621 1411622 1411623 1411624 1466457
Blocks: 1284354
Reported: 2015-11-23 06:33 EST by Wade Mealing
Modified: 2018-08-28 18:00 EDT

Doc Type: Bug Fix
Doc Text:
A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there.
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:0151 normal SHIPPED_LIVE Important: kernel security and bug fix update 2018-01-25 11:17:48 EST
Red Hat Product Errata RHSA-2018:0152 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2018-01-25 11:18:22 EST
Red Hat Product Errata RHSA-2018:0181 normal SHIPPED_LIVE Important: kernel-rt security and bug fix update 2018-01-25 11:26:34 EST
Description Wade Mealing 2015-11-23 06:33:15 EST
A flaw was found in the Linux kernel's key management
system where it was possible for an attacker to escalate privileges
or crash the machine.

If a user key gets negatively instantiated, an error code is cached in the
payload area.  A negatively instantiated key may then be positively
instantiated by updating it with valid data.  However, the ->update key
type method must be aware that the error code may be there.

Key management subsystems can be abused to escalate privileges through memory corruption.

Upstream:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd
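
The condition described above, as an added user-space C model that is not kernel code and not part of the original report. All names (model_key, model_negate, model_update and the helpers) are hypothetical, and the model assumes the update path reads the payload slot as a pointer to the previous payload in order to release it.

```c
/* User-space model (not kernel code): one payload slot holds either a
 * cached error code (negative key) or a pointer to the payload data. */
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct model_payload { size_t len; char data[16]; };

struct model_key {
    int negative;   /* set while the key is negatively instantiated */
    void *payload;  /* error code when negative, else a model_payload */
};

/* Negative instantiation caches the error code in the payload slot. */
void model_negate(struct model_key *k, int err)
{
    k->negative = 1;
    k->payload = (void *)(intptr_t)-err;
}

/* What an update method unaware of the negative state would take as the
 * old payload to release: the cached error code, not an allocation. */
void *old_payload_unchecked(const struct model_key *k)
{
    return k->payload;
}

/* Negative-aware variant: a negative key has no old payload to release. */
void *old_payload_checked(const struct model_key *k)
{
    return k->negative ? NULL : k->payload;
}

/* Positive instantiation by update; returns 0, -EINVAL or -ENOMEM. */
int model_update(struct model_key *k, const char *src, size_t len)
{
    struct model_payload *fresh, *old = old_payload_checked(k);

    if (len > sizeof(fresh->data)) return -EINVAL;
    fresh = calloc(1, sizeof(*fresh));
    if (!fresh) return -ENOMEM;
    fresh->len = len;
    memcpy(fresh->data, src, len);
    k->payload = fresh;
    k->negative = 0;
    free(old);      /* free(NULL) is a no-op for a formerly negative key */
    return 0;
}
```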
Comment 2 Wade Mealing 2015-12-08 19:57:32 EST
Acknowledgment:

Red Hat would like to thank Dmitry Vyukov of Google engineering for reporting this issue to Red Hat.
Comment 3 Adam Mariš 2015-12-14 08:53:59 EST
CVE-2015-8539 was assigned:

http://seclists.org/oss-sec/2015/q4/465
Comment 5 Wade Mealing 2017-01-10 01:15:18 EST
Statement:

This issue does not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5.  This issue does affect the kernels shipped with Red Hat Enterprise Linux 6, 7, MRG-2 and realtime kernels and is planned to be addressed in a future update.
Comment 10 Eric Christensen 2018-01-08 14:28:54 EST
Acknowledgments:
Comment 11 errata-xmlrpc 2018-01-25 06:25:20 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0151 https://access.redhat.com/errata/RHSA-2018:0151
Comment 12 errata-xmlrpc 2018-01-25 06:29:47 EST
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:0152 https://access.redhat.com/errata/RHSA-2018:0152
Comment 13 errata-xmlrpc 2018-01-25 06:32:01 EST
This issue has been addressed in the following products:

  Red Hat Enterprise MRG 2

Via RHSA-2018:0181 https://access.redhat.com/errata/RHSA-2018:0181