CVE Vulnerabilities

CVE-2016-9313

NULL Pointer Dereference

Published: Nov 28, 2016 | Modified: Nov 21, 2024
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
4.7 MODERATE
AV:L/AC:M/Au:N/C:N/I:N/A:C
RedHat/V3
5.5 MODERATE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux 4.7 (including) 4.8.7 (excluding)
Linux Ubuntu upstream *
Linux Ubuntu yakkety *
Linux-armadaxp Ubuntu upstream *
Linux-aws Ubuntu upstream *
Linux-flo Ubuntu trusty *
Linux-flo Ubuntu upstream *
Linux-gke Ubuntu upstream *
Linux-goldfish Ubuntu trusty *
Linux-goldfish Ubuntu upstream *
Linux-grouper Ubuntu trusty *
Linux-grouper Ubuntu upstream *
Linux-hwe Ubuntu upstream *
Linux-hwe-edge Ubuntu upstream *
Linux-linaro-omap Ubuntu precise *
Linux-linaro-omap Ubuntu upstream *
Linux-linaro-shared Ubuntu precise *
Linux-linaro-shared Ubuntu upstream *
Linux-linaro-vexpress Ubuntu precise *
Linux-linaro-vexpress Ubuntu upstream *
Linux-lts-quantal Ubuntu precise *
Linux-lts-quantal Ubuntu upstream *
Linux-lts-raring Ubuntu precise *
Linux-lts-raring Ubuntu upstream *
Linux-lts-saucy Ubuntu precise *
Linux-lts-saucy Ubuntu upstream *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-utopic Ubuntu trusty *
Linux-lts-utopic Ubuntu upstream *
Linux-lts-vivid Ubuntu upstream *
Linux-lts-wily Ubuntu trusty *
Linux-lts-wily Ubuntu upstream *
Linux-lts-xenial Ubuntu upstream *
Linux-maguro Ubuntu trusty *
Linux-maguro Ubuntu upstream *
Linux-mako Ubuntu trusty *
Linux-mako Ubuntu upstream *
Linux-manta Ubuntu trusty *
Linux-manta Ubuntu upstream *
Linux-qcm-msm Ubuntu precise *
Linux-qcm-msm Ubuntu upstream *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2 Ubuntu yakkety *
Linux-snapdragon Ubuntu upstream *
Linux-ti-omap4 Ubuntu upstream *

Potential Mitigations

References