Extended Lifecycle Support CVE dashboard by TuxCare


CVE-2016-9604

Updated: 2022-05-25 08:49:26.686606

Description:

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.



Severity

| | Severity | Score |
|---|---|---|
| CVSS Version 2.x | LOW | 2.1 |
| CVSS Version 3.x | MEDIUM | 4.4 |

Status

| OS name | Project name | Version | Status | Errata | Last updated |
|---|---|---|---|---|---|
| Oracle Linux 6 ELS | kernel | 2.6.32 | Released | CLSA-2021:1634922728 | 2022-05-06 10:22:21.927283 |