The Linux kernel's "big key" management implementation (security/keys/big_key.c) before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.
As per the patch notes, the Red Hat Enterprise Linux code contains neither big_key_rng nor big_key_blkcipher, the pointers that can be left NULL. The Red Hat Enterprise Linux source contains no blkcipher code to be affected.
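The flaw class described above, as an added user-space model written for this entry (not kernel code and not the upstream patch): a flawed init registers the key type before checking whether crypto setup succeeded, leaving a registered type whose big_key_rng and big_key_blkcipher stand-ins are NULL, while the corrected ordering refuses to expose the type at all. All function and struct names are constructed for illustration.

```c
/* Constructed model of the big_key init-ordering flaw; user-space only. */
#include <stddef.h>
#include <stdbool.h>

/* Stand-ins for the two crypto handles named in the tracker entry. */
struct big_key_state {
    void *big_key_rng;       /* left NULL if crypto init failed */
    void *big_key_blkcipher; /* left NULL if crypto init failed */
    bool type_registered;    /* is the key type visible to user space? */
};

/* Hypothetical crypto setup; fails when the cipher/RNG is unavailable. */
static int fake_crypto_init(struct big_key_state *s, bool crypto_available)
{
    static int rng_obj, cipher_obj; /* dummy objects standing in for handles */
    if (!crypto_available)
        return -1;
    s->big_key_rng = &rng_obj;
    s->big_key_blkcipher = &cipher_obj;
    return 0;
}

/* Flawed order: key type registered first, crypto failure ignored,
 * so module init reports success with NULL crypto state behind it. */
int big_key_init_flawed(struct big_key_state *s, bool crypto_available)
{
    s->type_registered = true;             /* register_key_type() succeeded */
    fake_crypto_init(s, crypto_available); /* return value never checked */
    return 0;
}

/* Fixed order: initialise crypto first; on failure the type is never
 * registered, so nothing reachable from user space can hit NULL pointers. */
int big_key_init_fixed(struct big_key_state *s, bool crypto_available)
{
    if (fake_crypto_init(s, crypto_available) < 0)
        return -1;                         /* module init fails cleanly */
    s->type_registered = true;
    return 0;
}

/* Detection helper: a registered type with missing crypto state is the
 * condition that leads to the NULL dereference described in the entry. */
bool leaves_null_crypto(const struct big_key_state *s)
{
    return s->type_registered && (!s->big_key_rng || !s->big_key_blkcipher);
}
```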
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1399522]
This was fixed in the 4.8.7 kernel update, which was available to all Fedora releases on November 17, 2016.
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and 7, as the code with the flaw is not present in the products listed.