Medium severity5.5NVD Advisory· Published Jun 27, 2016· Updated May 6, 2026
CVE-2016-4470
CVE-2016-4470
Description
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
Affected products
17- cpe:2.3:o:novell:suse_linux_enterprise_real_time_extension:12.0:sp1:*:*:*:*:*:*
cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_for_real_time:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node_eus:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
48- git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-1532.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-1539.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2016-1541.htmlnvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlnvdThird Party Advisory
- www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvdVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryVDB Entry
- github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229anvdVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00003.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00008.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00009.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00012.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00013.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00014.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00015.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00017.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00018.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00019.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00020.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00021.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00022.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00023.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00026.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00027.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-1657.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2006.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2074.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2076.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2128.htmlnvd
- rhn.redhat.com/errata/RHSA-2016-2133.htmlnvd
- www.debian.org/security/2016/dsa-3607nvd
- www.openwall.com/lists/oss-security/2016/06/15/11nvd
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlnvd
- www.securitytracker.com/id/1036763nvd
- www.ubuntu.com/usn/USN-3049-1nvd
- www.ubuntu.com/usn/USN-3050-1nvd
- www.ubuntu.com/usn/USN-3051-1nvd
- www.ubuntu.com/usn/USN-3052-1nvd
- www.ubuntu.com/usn/USN-3053-1nvd
- www.ubuntu.com/usn/USN-3054-1nvd
- www.ubuntu.com/usn/USN-3055-1nvd
- www.ubuntu.com/usn/USN-3056-1nvd
- www.ubuntu.com/usn/USN-3057-1nvd
News mentions
0No linked articles in our index yet.