CVE-2016-0728
Description
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
50.836
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-0728 are fixed in Chrome 48.0.2564.92 | Windows |
| Vulnerabilities CVE-2016-0728 are fixed in Chrome (x64) 48.0.2564.92 | Windows |
| Linux kernel (USN-2870-1) linux-image-3.13.0-76-generic_3.13.0-76.120_i386.deb | Linux |
| Linux kernel (USN-2870-1) linux-image-3.13.0-76-generic_3.13.0-76.120_amd64.deb | Linux |
| Linux kernel (USN-2870-1) linux-image-3.13.0-76-lowlatency_3.13.0-76.120_i386.deb | Linux |
| Linux kernel (USN-2870-1) linux-image-3.13.0-76-lowlatency_3.13.0-76.120_amd64.deb | Linux |
| Linux hardware enablement kernel from Trusty (USN-2870-2) linux-image-3.13.0-76-generic_3.13.0-76.120~precise1_i386.deb | Linux |
| Linux hardware enablement kernel from Trusty (USN-2870-2) linux-image-3.13.0-76-generic_3.13.0-76.120~precise1_amd64.deb | Linux |
| Linux kernel (USN-2871-1) linux-image-3.19.0-47-generic_3.19.0-47.53_i386.deb | Linux |
| Linux kernel (USN-2871-1) linux-image-3.19.0-47-generic_3.19.0-47.53_amd64.deb | Linux |
| Linux kernel (USN-2871-1) linux-image-3.19.0-47-lowlatency_3.19.0-47.53_i386.deb | Linux |
| Linux kernel (USN-2871-1) linux-image-3.19.0-47-lowlatency_3.19.0-47.53_amd64.deb | Linux |
| Dtrace-modules-3.8.13-118.2.5.el6uek update (ELSA-2016-3509) dtrace-modules-3.8.13-118.2.5.el6uek-0.4.5-3.el6.x86_64.rpm | Linux |
| Dtrace-modules-3.8.13-118.2.5.el7uek update (ELSA-2016-3509) dtrace-modules-3.8.13-118.2.5.el7uek-0.4.5-3.el7.x86_64.rpm | Linux |
| Vulnerabilities CVE-2016-0728 are fixed in Chrome 48.0.2564.92 (For Debian) | Linux |
| Vulnerabilities CVE-2016-0728 are fixed in Chrome 48.0.2564.92 (For Centos) | Linux |
| Vulnerabilities CVE-2016-0728 are fixed in Chrome 48.0.2564.92 (For RedHat) | Linux |
| Vulnerabilities CVE-2016-0728 are fixed in Chrome 48.0.2564.92 (For Suse) | Linux |
| Vulnerabilities CVE-2016-0728 are fixed in Chrome 48.0.2564.92 (For Ubuntu) | Linux |
| CVE-2016-0728 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-313038 | Google Chrome (80.0.3987.122) |
| PATCH-313039 | Google Chrome (x64) (80.0.3987.122) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234