CVE-2016-9604

Updated: 2023-11-07 19:22:30.939878

Description:

It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.



Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | LOW | 2.1 |
| CVSS Version 3.x | MEDIUM | 4.4 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| Oracle Linux 6 ELS | kernel | 2.6.32 | 4.4 | MEDIUM | Released | CLSA-2021:1634922728 | 2022-05-06 10:22:21 |