AndroidVulnerabilities.org

CVE-2016-4470

(json)

• CVE numbers: CVE-2016-4470 [Bulletin-CVE-2016-4470]
• Coordinated disclosure?: unknown
• Categories: Elevation of privilege vulnerability in kernel security subsystem
• Details: The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. [NIST-CVE-2016-4470]
• Discovered by: on: Unknown
• Reported on: 2016-09-01 [Bulletin-CVE-2016-4470]
• Fixed on: 2016-06-16 [Upstream kernel]
• Fix released on: Unknown
• Affected versions: regex:
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2016-4470]
• Fixed versions:
• Submission: by: Daniel Carter, on: 2019-07-29