CVE-2016-8650

Description

The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption and panic) via an add_key system call for an RSA key with a zero exponent.

CVSS Metrics

• v3.0•MEDIUM•Score: 5.5CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.04%• Percentile: 14%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

• CWE-399•Resource Management Errors

  Weaknesses in this category are related to improper management of system resources.

Affected Systems

• linux•linux_kernel

  ≤ 4.8.11

References (12)

• https://github.com/torvalds/linux/commit/f5527fffff3f002b0a6b376163613b82f69de073
• http://www.securitytracker.com/id/1037968
• http://seclists.org/fulldisclosure/2016/Nov/76
• http://www.openwall.com/lists/oss-security/2016/11/24/8
• https://bugzilla.redhat.com/show_bug.cgi?id=1395187
• https://access.redhat.com/errata/RHSA-2018:1854
• https://access.redhat.com/errata/RHSA-2017:0932
• http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073
• https://access.redhat.com/errata/RHSA-2017:0933
• https://access.redhat.com/errata/RHSA-2017:0931
• http://www.securityfocus.com/bid/94532
• https://source.android.com/security/bulletin/2017-03-01.html