CVE-2016-2053

kernel: Kernel panic and system lockup by triggering BUG_ON() in public_key_verify_signature()

Severity Score

4.7

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.

La función asn1_ber_decoder en lib/asn1_decoder.c en el kernel de Linux en versiones anteriores a 4.3 permite a atacantes provocar una denegación de servicio (pánico) a través de un archivo ASN.1 BER que carece de clave pública, llevando a un manejo incorrecto por la función public_key_verify_signature en crypto/asymmetric_keys/public_key.c.

A syntax vulnerability was discovered in the kernel's ASN1.1 DER decoder, which could lead to memory corruption or a complete local denial of service through x509 certificate DER files. A local system user could use a specially created key file to trigger BUG_ON() in the public_key_verify_signature() function (crypto/asymmetric_keys/public_key.c), to cause a kernel panic and crash the system.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-01-25 CVE Reserved
2016-05-02 CVE Published
2024-08-05 CVE Updated
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-228: Improper Handling of Syntactically Invalid Structure
CWE-310: Cryptographic Issues

CAPEC

References (29)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2016/01/25/4	Mailing List
http://www.securitytracker.com/id/1036763	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/torvalds/linux/commit/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f	2018-08-30

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00044.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00052.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html	2018-08-30
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html	2018-08-30
http://rhn.redhat.com/errata/RHSA-2016-2574.html	2018-08-30
http://rhn.redhat.com/errata/RHSA-2016-2584.html	2018-08-30
https://bugzilla.redhat.com/show_bug.cgi?id=1300237	2016-11-03
https://access.redhat.com/security/cve/CVE-2016-2053	2016-11-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.3 Search vendor "Linux" for product "Linux Kernel" and version " < 4.3"		-		Affected