A local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem. The key_reject_and_link() function contains an error in which a key lookup can fail and, in an attempt to cache the failed lookup, may attempt to free memory which can still be in use. This could crash the system or, at worst, free a memory block which would then be re-used by another kernel mechanism, causing a use after free.

Product bug: https://bugzilla.redhat.com/show_bug.cgi?id=1341352

Upstream patch: https://www.spinics.net/lists/linux-kernel-janitors/msg26069.html
Acknowledgements: Name: David Howells (Red Hat)
Statement: This issue affects the Linux kernels as shipped with Red Hat Enterprise Linux 6 and may be addressed in a future update. This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2 as the due updates to fix this issue have been shipped now.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1346626]
Applied upstream: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a
kernel-4.6.3-300.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.5.7-202.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.4.14-200.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products: MRG for RHEL-6 v.2 Via RHSA-2016:1532 https://rhn.redhat.com/errata/RHSA-2016-1532.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1539 https://rhn.redhat.com/errata/RHSA-2016-1539.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:1541 https://rhn.redhat.com/errata/RHSA-2016-1541.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.1 Extended Update Support Via RHSA-2016:1657 https://rhn.redhat.com/errata/RHSA-2016-1657.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:2006 https://rhn.redhat.com/errata/RHSA-2016-2006.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.5 Advanced Update Support Via RHSA-2016:2074 https://rhn.redhat.com/errata/RHSA-2016-2074.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.7 Extended Update Support Via RHSA-2016:2076 https://rhn.redhat.com/errata/RHSA-2016-2076.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.6 Extended Update Support Via RHSA-2016:2128 https://rhn.redhat.com/errata/RHSA-2016-2128.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6.4 Advanced Update Support Via RHSA-2016:2133 https://rhn.redhat.com/errata/RHSA-2016-2133.html