CVE-2015-8539

The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/122.html
• https://cwe.mitre.org/data/definitions/233.html
• https://cwe.mitre.org/data/definitions/58.html

References

• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
• http://www.openwall.com/lists/oss-security/2015/12/09/1
• https://access.redhat.com/errata/RHSA-2018:0151
• https://access.redhat.com/errata/RHSA-2018:0152
• https://access.redhat.com/errata/RHSA-2018:0181
• https://bugzilla.redhat.com/show_bug.cgi?id=1284450
• https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd
• https://usn.ubuntu.com/3798-1/
• https://usn.ubuntu.com/3798-2/
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00008.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00011.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
• http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
• http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.html
• http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html
• http://www.openwall.com/lists/oss-security/2015/12/09/1
• https://access.redhat.com/errata/RHSA-2018:0151
• https://access.redhat.com/errata/RHSA-2018:0152
• https://access.redhat.com/errata/RHSA-2018:0181
• https://bugzilla.redhat.com/show_bug.cgi?id=1284450
• https://github.com/torvalds/linux/commit/096fe9eaea40a17e125569f9e657e34cdb6d73bd
• https://usn.ubuntu.com/3798-1/
• https://usn.ubuntu.com/3798-2/