CVE-2016-8646

kernel: Oops in shash_async_export()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data.

La función hash_accept en crypto/algif_hash.c en el kernel Linux en versiones anteriores a 4.3.6 permite a usuarios locales provocar una denegación de servicio (OOPS) intentando desencadenar el uso de algoritmos hash in-kernel para un enchufe que ha recibido cero bytes de datos.

A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-10-12 CVE Reserved
2016-11-28 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (10)

URL	Tag	Source
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.3.6	Release Notes
http://www.openwall.com/lists/oss-security/2016/11/15/2	Mailing List
http://www.securityfocus.com/bid/94309	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4afa5f9617927453ac04b24b584f6c718dfb4f45	2023-02-12
https://github.com/torvalds/linux/commit/4afa5f9617927453ac04b24b584f6c718dfb4f45	2023-02-12

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2017:1297	2023-02-12
https://access.redhat.com/errata/RHSA-2017:1298	2023-02-12
https://access.redhat.com/errata/RHSA-2017:1308	2023-02-12
https://bugzilla.redhat.com/show_bug.cgi?id=1388821	2017-05-25
https://access.redhat.com/security/cve/CVE-2016-8646	2017-05-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				<= 4.3.5 Search vendor "Linux" for product "Linux Kernel" and version " <= 4.3.5"		-		Affected