CVE-2016-9313
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.
security/keys/big_key.c en el kernel Linux en versiones anteriores a 4.8.7 maneja incorrectamente un registro criptográfico no exitoso en conjunción con un registro key-type exitoso,lo que permite a usuarios locales provocar una denegación de servicio (referencia al puntero NULO y pánico) o tener otros posibles impactos no especificados a través de una aplicación manipulada que utiliza el tipo de dato big_key.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-11-14 CVE Reserved
- 2016-11-28 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7 | Release Notes | |
| http://www.securityfocus.com/bid/94546 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/07/22/1 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.7 < 4.8.7 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.7 < 4.8.7" | - |
Affected
| ||||||