CVE-2016-9604

CVSS v3.0 4.4 (Medium)

CVSS v2.0 2.1 (Low)

EPSS 0.06 % (27^th)

Affected Products 1

Advisories 16

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.

Weaknesses

CWE-347: Improper Verification of Cryptographic Signature
CWE-732: Incorrect Permission Assignment for Critical Resource

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2018-07-11 13:29:00
(6 years ago)
Updated Date: 2023-11-07 02:37:15
(10 months ago)

Affected Products

Linux

Linux Kernel

Configuration #1

	CPE23	Up To
Linux Kernel 4.11 and prior versions	cpe:2.3:o:linux:linux_kernel	<= 4.11
Linux Kernel 4.11 Rc1	cpe:2.3:o:linux:linux_kernel:4.11:rc1
Linux Kernel 4.11 Rc2	cpe:2.3:o:linux:linux_kernel:4.11:rc2
Linux Kernel 4.11 Rc3	cpe:2.3:o:linux:linux_kernel:4.11:rc3
Linux Kernel 4.11 Rc4	cpe:2.3:o:linux:linux_kernel:4.11:rc4
Linux Kernel 4.11 Rc5	cpe:2.3:o:linux:linux_kernel:4.11:rc5
Linux Kernel 4.11 Rc6	cpe:2.3:o:linux:linux_kernel:4.11:rc6
Linux Kernel 4.11 Rc7	cpe:2.3:o:linux:linux_kernel:4.11:rc7