// For flags

CVE-2015-7872

kernel: Keyrings crash triggerable by unprivileged user

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

La función key_gc_unused_keys en security/keys/gc.c en el kernel Linux hasta la versión 4.2.6 permite a usuarios locales causar una denegación de servicio (OOPS) a través de comandos keyctl manipulados.

It was found that the Linux kernel's keys subsystem did not correctly garbage collect uninstantiated keyrings. A local attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-10-20 CVE Reserved
  • 2015-11-10 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-456: Missing Initialization of a Variable
CAPEC
References (47)
URL Tag Source
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce1fad2740c648a4340f6f6c391a8a83769d2e8c X_refsource_confirm
http://www.openwall.com/lists/oss-security/2015/10/20/6 Mailing List
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html X_refsource_confirm
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html X_refsource_confirm
http://www.securityfocus.com/bid/77544 Vdb Entry
http://www.securitytracker.com/id/1034472 Vdb Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1272172 X_refsource_confirm
https://github.com/torvalds/linux/commit/f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 X_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068676 X_refsource_confirm
https://source.android.com/security/bulletin/2016-12-01.html X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html 2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html 2023-02-13
http://marc.info/?l=bugtraq&m=145975164525836&w=2 2023-02-13
http://rhn.redhat.com/errata/RHSA-2015-2636.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2016-0185.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2016-0212.html 2023-02-13
http://rhn.redhat.com/errata/RHSA-2016-0224.html 2023-02-13
http://www.debian.org/security/2015/dsa-3396 2023-02-13
http://www.ubuntu.com/usn/USN-2823-1 2023-02-13
http://www.ubuntu.com/usn/USN-2824-1 2023-02-13
http://www.ubuntu.com/usn/USN-2826-1 2023-02-13
http://www.ubuntu.com/usn/USN-2829-1 2023-02-13
http://www.ubuntu.com/usn/USN-2829-2 2023-02-13
http://www.ubuntu.com/usn/USN-2840-1 2023-02-13
http://www.ubuntu.com/usn/USN-2840-2 2023-02-13
http://www.ubuntu.com/usn/USN-2843-1 2023-02-13
http://www.ubuntu.com/usn/USN-2843-2 2023-02-13
http://www.ubuntu.com/usn/USN-2843-3 2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=1272371 2016-02-16
https://github.com/torvalds/linux/commit/ce1fad2740c648a4340f6f6c391a8a83769d2e8c 2023-02-13
https://access.redhat.com/security/cve/CVE-2015-7872 2016-02-16
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 <= 4.2.6
Search vendor "Linux" for product "Linux Kernel" and version " <= 4.2.6"
-
Affected